e1689f695b580c88f6b58274cfed905541749bd86f9f3cd95b70ae22387313ca[.]zip

General

Target

e1689f695b580c88f6b58274cfed905541749bd86f9f3cd95b70ae22387313ca.zip
Size

6.4MB
MD5

b424842beae9cadc0cb3e4990ef060b4
SHA1

b6913ac02584fc45ee1e6a6bb2c66e1e610b1e47
SHA256

f4fd0842db586c415fcb3e83a4b7168df03b851557873d2d18978ad57b257a1b
SHA512

afe7186d6b06f0fe7fa320c91e2d5fb0a8c371298bcb61633c963d9067bc97134834c413de1607b61314d404047f38a070c5c9a524b970d1da8c97df7ad9837f
SSDEEP

98304:gfTxhb+qhRmj2H1elEtqVcCJg7+xyob71ihfJ/eYxyoY8zo2Z99pKamlAsWs+Y:cTxboaVoEtac4g7+ClxloIdNPY

Score

7^/10

themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

Processes:

resource	yara_rule
static1/unpack001/e1689f695b580c88f6b58274cfed905541749bd86f9f3cd95b70ae22387313ca.exe	themida

e1689f695b580c88f6b58274cfed905541749bd86f9f3cd95b70ae22387313ca.zip
.zip

Password: infected
e1689f695b580c88f6b58274cfed905541749bd86f9f3cd95b70ae22387313ca.exe
.exe windows x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 338KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ