test[.]exe | Triage

Resubmissions

11/03/2023, 19:58

230311-ypv3asch8w 10

11/03/2023, 19:54

230311-yml2lsbb27 10

Sharing

General

Target

test.exe
Size

2.9MB
MD5

500151e7dc0acc7fda0cd4d3870ecacd
SHA1

4a634975feb1c3adf814cfb0ff5dfcf75ad5dfdf
SHA256

01035e3da31903105da034556332fdb5e12b1b73d3bdd743c53dda86b1a02f2f
SHA512

6b082b7111bef5fec0193da473ff766b6ecc1b71fe985d2728354bb11ef948f4a6200849b1d9f98746c30783fe58e1d4f68c57f496d391ee43a963e926b42da5
SSDEEP

49152:RDwZ5Z54M/4rYHU50V5tT3Eo2dhlYbAoxrYYHX7iWd7r9adMu:iZB4i4rF2Yo2dhExrhHLBd7rqMu

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

test.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Size: 21KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 14B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ