61458152c4215d24d3dd2b099a07916871d0ecc2dc3144106eb79e63182b2ae8[.]exe | Triage

Resubmissions

30-11-2022 17:58

221130-wkdaksfb5v 9

30-11-2022 15:30

221130-sxknmscc77 9

Sharing

General

Target

61458152c4215d24d3dd2b099a07916871d0ecc2dc3144106eb79e63182b2ae8.exe
Size

13.2MB
MD5

0a5659701d99b9076e067606bf36e0b7
SHA1

b1dbd42d7d25c01e19716f6e18614a51fbcacd47
SHA256

61458152c4215d24d3dd2b099a07916871d0ecc2dc3144106eb79e63182b2ae8
SHA512

26c99fa962b533428404f4cc3f528412ea7d0cc2bcd1ba7f6854ef7a61803af0203e16e5a1b480a467daee86cee8222f36791293b97fd9aa75e56febbcb56d56
SSDEEP

393216:qEZVtQ0b8LgVDBA4M8+4gFw2XGRbDyRyQ:qEZVtQ0Qez9cApuRy

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

61458152c4215d24d3dd2b099a07916871d0ecc2dc3144106eb79e63182b2ae8.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 842KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 69KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 23KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 19.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 12.3MB - Virtual size: 12.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ