0b1acb4b5056b527aba9b2b8fe264f18[.]bin | Triage

Sharing

General

Target

0b1acb4b5056b527aba9b2b8fe264f18.bin
Size

1.4MB
MD5

406c25056827f56420811502319b8ff6
SHA1

601606ceff7a533d96572692af6e7fdc8f0e9092
SHA256

b5f3576a1e12a0123031cdbda2a814566f7d9befd9f1324d80da7db14d4bed6f
SHA512

3c3b13a637d4e05e190708a6c9035f0e9e73e1bdeb837bd9ac448c054b1ea03b6de35e4354aee8138620e125c42498b48b5eba4524f574ece1986e4944115875
SSDEEP

24576:mKbDEWbndw/b1OZ39fJszmOjG++4OaXnVN/ZY50/VaeKMVSkn0zINwws:mKfEWbndw/RqYmOjrWdedY80zii

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/660d50f7a98df33bd4a50f36197b7bc607017cc48847b236e5da75d25fba4d7b.exe	themida

Files

0b1acb4b5056b527aba9b2b8fe264f18.bin
.zip

Password: infected
660d50f7a98df33bd4a50f36197b7bc607017cc48847b236e5da75d25fba4d7b.exe
.exe windows x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 12KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ