Setup[.]exe | Triage

Sharing

General

Target

Setup.exe
Size

2.3MB
MD5

97ea6f4c2e0cfb9770cb7bfdc353c36b
SHA1

12448c9c25d5c7339bd845d4375d8433bed1a216
SHA256

07bbf87fab1e4c25921db3c86c52affbf51727522e30baa9353fe7a5979c61f8
SHA512

f58a568543fc53a2e414ce4928eda5433b903dbdbed931da34c6bc8c9a251f1c2f6b11e6ecbe68c2f6d4917e6ea525019fc8d4d10833a0e88e7f32610da923ac
SSDEEP

49152:WWHPA8PAq5A1zmwILn0+3+5fYr7N9zm5Cd9z3EBiRKy3mJB:WWvVPA+MKwk09NY7N3d9z3E8RL2B

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

Setup.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 738KB - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 378KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ