ea78832b8c8a25a4cd1044e392954400[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

ea78832b8c8a25a4cd1044e392954400.bin
Size

8.2MB
MD5

54a2bf9d23cccab2b7665afc4fa3bcc6
SHA1

98da8f7ef4f1f3f8c3f0a397dfec05df39033346
SHA256

d76d24ea6e2204c24f863cb74cf953c9d17e6d0f0844db8c989e5d846f62ade9
SHA512

3366944658bdce9e332293e28f8a4d22b09b216709c44dc5131509919545359d7740fc6c140532e7e903220cf2d18aaff20b6856d1167293ab28854747c97cf0
SSDEEP

196608:EfbqmT0J0eT7M1MSBEOXBnjhKXelfd93R:W00e3M1M83BnjoepdH

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/de208af395fe880c1b3739e87f560e00833f80c29ffb043c72b4296b42c3be3a.bin	themida

Files

ea78832b8c8a25a4cd1044e392954400.bin
.zip

Password: infected
de208af395fe880c1b3739e87f560e00833f80c29ffb043c72b4296b42c3be3a.bin
.exe windows x64

Password: infected

6e300c316a0b1e85bdb813cd1ee9694b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

LdrFindResource_U
NtProtectVirtualMemory
NtWriteVirtualMemory
DbgPrint
LdrAccessResource
LdrGetProcedureAddress
RtlEqualUnicodeString
LdrGetDllHandle
RtlInitUnicodeString
DbgBreakPoint
RtlImageNtHeader
RtlInitAnsiString
NtQueryObject
NtOpenProcessToken
NtFreeVirtualMemory
NtOpenThread
NtQuerySystemInformation
NtWriteFile
RtlTimeToTimeFields
NtQueryInformationProcess
NtOpenProcess
RtlDosPathNameToNtPathName_U
NtAllocateVirtualMemory
NtReadVirtualMemory
NtClose
RtlAdjustPrivilege
RtlFreeHeap
NtCreateDebugObject
NtPrivilegeCheck
NtSetInformationProcess
NtQueryInformationThread
NtTerminateProcess
LdrDisableThreadCalloutsForDll
RtlCopyMemory
memcmp
memset

kernel32

HeapAlloc

Sections

Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 421KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 531KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 609KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 274KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.SCY
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

6e300c316a0b1e85bdb813cd1ee9694b

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

Sections

Size: 1.3MB - Virtual size: 1.3MB

Size: 421KB - Virtual size: 432KB

Size: 531KB - Virtual size: 532KB

Size: 47KB - Virtual size: 48KB

Size: 609KB - Virtual size: 612KB

Size: 2KB - Virtual size: 4KB

.imports Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 274KB - Virtual size: 276KB

.themida Size: 5.1MB - Virtual size: 5.1MB

.boot Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 512B - Virtual size: 4KB

.SCY Size: 1KB - Virtual size: 4KB

.imports
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 274KB - Virtual size: 276KB

.themida
Size: 5.1MB - Virtual size: 5.1MB

.boot
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 512B - Virtual size: 4KB

.SCY
Size: 1KB - Virtual size: 4KB