FiveM Mode[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FiveM Mode.exe
Size

9.1MB
MD5

83df9bc5edd19abfdd06622d88e2f164
SHA1

e5e300e9e50548eb24684396925c2f3cf5fa414b
SHA256

a512a2143ffa636271efe827275b70a76103fdaf4179cabbb48a9be633e3bc70
SHA512

df4e4dda1760939c6a769a0ae8a0b8c6cc728af736f03745ff7ff84a717bcabbe6aa76410a6c2ceb3c8580e9295b1373314ce7150603eb280c74fb672570b1e3
SSDEEP

196608:fbNj999999999999999999999999999SsDTg2kCGhnvtV4Sl/ApmVZ5iLGTOurq:Z999999999999999999999999999/DTn

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

FiveM Mode.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 330KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ