7b99d83296e864363c31cd6fecaacb08[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7b99d83296e864363c31cd6fecaacb08.bin
Size

3.6MB
MD5

0319dd465fe295d550a9e78de1d6e7bb
SHA1

e839fecaea7d1d6a4b594c047f827ef0fa0a9d63
SHA256

f602bba17cffe21309144752ebb2a0cbb5da377f08696e1e4f90c3b871e05ea3
SHA512

f5ba52c5295896ef3a8f2d9eb4ae808a51520e3eaf191f3e27da66423ac426b831545f5d6e7956e03cce8173396fc74b010e3ea2e7a032c54fa12dcc81eb2c02
SSDEEP

98304:1cqShDV7jx7vfqZet9sol6ObbxbeCgujvB5COAHL:NSH7lvSZetFZbbxbrrjp5LS

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/8b4d8f0285ae6e213947baaacd1f83b307ea4dd167d6b71abddb055132dd0cef.exe	themida

Files

7b99d83296e864363c31cd6fecaacb08.bin
.zip

Password: infected
8b4d8f0285ae6e213947baaacd1f83b307ea4dd167d6b71abddb055132dd0cef.exe
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 57KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 14B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ