a03e180f08f32f630aeafc3402ec373a[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

a03e180f08f32f630aeafc3402ec373a.bin
Size

12.6MB
MD5

b0103a9e645a04cb5beb8e7eb1f8423c
SHA1

59eb375a9b470c32173c29236496217c248e333b
SHA256

339fdc75a76d6c564b0e6141e774f2aded372f06f9cd6169674cef0d86dc3fb3
SHA512

98d7af6215b7372d7d42d607789e74f6b5b141ea8947130d59fbc7fb75ccc5df448f9288a4f1e4abb0c7d169bbfce8154101c22365decaff16de74265f071aac
SSDEEP

196608:PKvNKazib5mgCl9WKjtE0DhIgggyBMHwtUP0V/Vx22svOaHDQf/nAz4/OJ:yVKa7gCSMK0DhIg0B+vux22aGok2J

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
static1/unpack001/28b697be1636fd2f853522358bd24a7215792ff0556849e5623997a2162a37e3.bin	themida

Files

a03e180f08f32f630aeafc3402ec373a.bin
.zip

Password: infected
28b697be1636fd2f853522358bd24a7215792ff0556849e5623997a2162a37e3.bin
.exe windows x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

OPENSSL_Applink

Sections

Size: 911KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 296KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 40KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 81KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 20.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 11.3MB - Virtual size: 11.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 911KB - Virtual size: 1.7MB

Size: 296KB - Virtual size: 714KB

Size: 5KB - Virtual size: 42KB

Size: 40KB - Virtual size: 69KB

Size: 81KB - Virtual size: 196KB

Size: 7KB - Virtual size: 23KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 196KB - Virtual size: 196KB

.themida Size: - Virtual size: 20.1MB

.boot Size: 11.3MB - Virtual size: 11.3MB

.reloc Size: 16B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 196KB - Virtual size: 196KB

.themida
Size: - Virtual size: 20.1MB

.boot
Size: 11.3MB - Virtual size: 11.3MB

.reloc
Size: 16B - Virtual size: 4KB