ef2bfce32ca9a69c4a57eecf2d7c7863[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef2bfce32ca9a69c4a57eecf2d7c7863.bin
Size

2.9MB
MD5

b42c8881f00b6ce6c78979fb2ade2ac2
SHA1

1f66418ab0965e5b4b8e10e56c2b5bdf9072edb9
SHA256

6c5acc725c8e71f6f22402bef798cc9fdb0a48ec56c1c067acf8095ae9026098
SHA512

5d58e3a27df330802f242b23cedaff42daccfb6ac1e65a3a7376402ef3cc2feb09fa05c3eea90620d5cf363758aa2b9ea2367c9b85136887bc037a9c2f40ecfe
SSDEEP

49152:JHp4Wdtbij6K2spg9r1LH2Sml25lRNgjsxnKRHm0J78sG1Ag6ZD9AhqB45B2:Fp4ubi+7l9r5rC+lDxnKRvJ78stg6ZD1

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/9bf011788466d21b1da215ee2c1b4d1bb3c476a9fb3091dea8de8461477e4e55.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9bf011788466d21b1da215ee2c1b4d1bb3c476a9fb3091dea8de8461477e4e55.exe

Files

ef2bfce32ca9a69c4a57eecf2d7c7863.bin
.zip

Password: infected
9bf011788466d21b1da215ee2c1b4d1bb3c476a9fb3091dea8de8461477e4e55.exe
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 76KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 14KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 596B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 275B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ