Notepad++[.]exe

Resubmissions

04/02/2023, 23:20

230204-3blnxsad4t 9

27/01/2023, 07:07

230127-hx5cyaha99 9

Sharing

Copy URL Twitter E-mail

General

Target

Notepad++.exe
Size

8.0MB
MD5

19fa15fe91d4f5169ad94c4c5dfe9da6
SHA1

db91c95e5b84f8837995f646d275abbcab82868e
SHA256

f03f6a9ab2d536830966ffa1eb0c69531d881c9ffc1ef67591b263aff07e82ed
SHA512

369e050b2f748b351e2602c1ece99dd1ca1a3187e1b3862de16fc595e0a70646f545915d9654fbe6e840c06b1a183bc7f52bc24e69bd02e4aca6ebdf834bc6c8
SSDEEP

196608:vp2U8YvtN5HYoWuKk4aY+eUlOFzObLfdK5qBFPlVJFT7:B2UF1XeuKqMYbjdNF

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

Notepad++.exe
.exe windows x86

dd2789256df2289a07a7ff7f35161563

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

mscoree

_CorExeMain

user32

CharUpperBuffW

Sections

Size: - Virtual size: 656KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.37,ÄÖ
Size: - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.#:]ÄÖ
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.? eÄÖ
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kU>ÄÖ
Size: 7.9MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

dd2789256df2289a07a7ff7f35161563

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mscoree

user32

Sections

Size: - Virtual size: 656KB

Size: - Virtual size: 12B

Size: - Virtual size: 89KB

.imports Size: - Virtual size: 8KB

.37,ÄÖ Size: - Virtual size: 90KB

.themida Size: - Virtual size: 5.1MB

.boot Size: - Virtual size: 3.0MB

.taggant Size: - Virtual size: 8KB

.#:]ÄÖ Size: - Virtual size: 2.2MB

.? eÄÖ Size: 1024B - Virtual size: 856B

.kU>ÄÖ Size: 7.9MB - Virtual size: 7.9MB

.rsrc Size: 90KB - Virtual size: 89KB

.imports
Size: - Virtual size: 8KB

.37,ÄÖ
Size: - Virtual size: 90KB

.themida
Size: - Virtual size: 5.1MB

.boot
Size: - Virtual size: 3.0MB

.taggant
Size: - Virtual size: 8KB

.#:]ÄÖ
Size: - Virtual size: 2.2MB

.? eÄÖ
Size: 1024B - Virtual size: 856B

.kU>ÄÖ
Size: 7.9MB - Virtual size: 7.9MB

.rsrc
Size: 90KB - Virtual size: 89KB