TGN EXPLOIT X[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TGN EXPLOIT X.exe
Size

6.3MB
MD5

37e76d8a7443068b693515343358be4e
SHA1

9c1517acedec57435c61e827841d598d982c5be3
SHA256

a54691ffae9b5015c726a65a7661e2f7272981dd2dd73ad9bcccd544b9daee0e
SHA512

f07602466893ad84f9666bf8e5d877c6b03106f16e0304378224b28b5cf3b2250d3c6e6e4965f2442c175c92f54db44075304e0d9f7c8d70b2ba66063dd073cc
SSDEEP

98304:vMrXdEqMhbIaJd/ja97O9Wz6RAuApIs8fOV5EY/nGGp3MPIfy2h+sGdmsOMID0Sx:kCbIA/jp9WBqOLEY/LpcPIK29ZPXstP+

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TGN EXPLOIT X.exe

Files

TGN EXPLOIT X.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 3.3MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ