5ba5f954be0ccebe4b04a2f7d32b5b70[.]bin | Triage

Sharing

General

Target

5ba5f954be0ccebe4b04a2f7d32b5b70.bin
Size

2.0MB
MD5

45d0122af67f04857781235176a08e70
SHA1

92d5ae02882aac2e5d79eed02b7cbc33db5ddd0b
SHA256

a9818756ed2c31c6410a8161849295a457cedbcb57ef3222f6f15b55e93e8082
SHA512

64e6aef1e0cbb2480decbe0207cbbf0723988cbc5e1e0829dcde50c89b5d6f883e49b2450f40fc0e253509afce9cd89927afb246d6ff7563c3017675580455fa
SSDEEP

49152:RLvqdnpkJsn9yP5Ez9UTcfsp6WGOqsiixqOr:RLvq8Jsn9wUUY1r4TxFr

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/d40a01137b266d7416d640caab27ba34517e899aa8d7e53229d8b78067b02a6e.exe	themida

Files

5ba5f954be0ccebe4b04a2f7d32b5b70.bin
.zip

Password: infected
d40a01137b266d7416d640caab27ba34517e899aa8d7e53229d8b78067b02a6e.exe
.exe windows x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 556KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ