d471887769a6d012118d8cd3be559ffb[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

d471887769a6d012118d8cd3be559ffb.bin
Size

4.0MB
MD5

063c2bcddf866d3569088bd4ec597240
SHA1

0f09435eb2937c0d589078039a6f5b35c9cbf31f
SHA256

0092ee16e1519cd2ae2ad3fc93c94a38537bfdeffedf317061c8e530d0aaf732
SHA512

9c36bafbd08dacae3a2c680477741feeeb05fb92d33dd3d18197e76c508f8b3d54e492a8e214236ee5e96910c960c7729149af5a77b17214284a8ea24697c2d5
SSDEEP

98304:arecvH9HIMU7bB0TKZCZF88HFUIU7aZDhUv1NkA:Uq790RF88Ce5hiV

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/b6ccb79b56c67aaa14bae99de29d25fcc220a041161c7e1985dd0cf8707220bd.exe	themida

Files

d471887769a6d012118d8cd3be559ffb.bin
.zip

Password: infected
b6ccb79b56c67aaa14bae99de29d25fcc220a041161c7e1985dd0cf8707220bd.exe
.exe windows x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 427KB - Virtual size: 930KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 72KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 13KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1.3MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

Size: 427KB - Virtual size: 930KB

Size: 72KB - Virtual size: 238KB

Size: 3KB - Virtual size: 38KB

Size: 13KB - Virtual size: 33KB

Size: 512B - Virtual size: 148B

Size: 1.3MB - Virtual size: 3.0MB

Size: 3KB - Virtual size: 9KB

.idata Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 120KB - Virtual size: 120KB

.themida Size: - Virtual size: 5.1MB

.boot Size: 2.1MB - Virtual size: 2.1MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 120KB - Virtual size: 120KB

.themida
Size: - Virtual size: 5.1MB

.boot
Size: 2.1MB - Virtual size: 2.1MB

.reloc
Size: 16B - Virtual size: 4KB