c7f62a1f7e5592692d25520994031eeb[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c7f62a1f7e5592692d25520994031eeb.bin
Size

4.7MB
MD5

ec92edfeedc8d3de81639000a8186fd0
SHA1

a4990144739de8949af24d0442bef9c41e2b2971
SHA256

4873fd067c994e76dd24e3e6ba6eb08d9d3d95e1dbc4fa85ebec9639fc3a342d
SHA512

977993218e783db3f2698bac375cfb623b9ee0e9850bef43e3b8dfe2e15fd9d995bed8e12041f461864f25ba85a4f77c24cbf0df3a8146f4c926d310a40f452e
SSDEEP

98304:v/+TspodeSMWj0+TUjqfqqe2cuo2gUYMITbvi0xoHCs0N2EtnUV+Jzt2i4F:v7SdTma3c/jHMITbxOis0NDtn5ZsF

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/2f622d5a6134cdc02effd75cb70303471fea46bcdc70ea6f2b1eee0f6683c8e6.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2f622d5a6134cdc02effd75cb70303471fea46bcdc70ea6f2b1eee0f6683c8e6.exe

Files

c7f62a1f7e5592692d25520994031eeb.bin
.zip

Password: infected
2f622d5a6134cdc02effd75cb70303471fea46bcdc70ea6f2b1eee0f6683c8e6.exe
.exe windows x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 276KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 36KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1.1MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ