Steam2protectedexeexeexe[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Steam2protectedexeexeexe.exe
Size

8.7MB
MD5

a95da9b6788b07497605520ce53df495
SHA1

cf8e9300d3517c180c138ddab1b84812bdee9640
SHA256

ac35ceb6f2881d9a15270bdbff38e60c44947e953b570506e29a8dcc47303045
SHA512

57e4cb3ec27a8ae8d1d7010c1a4213bf5d445cb9e5376a90980e26349a802f8e3b7dedc6bc127ee56cc718c5c0331e816a4f72322e2c73735a6a5cd154fdb5b0
SSDEEP

196608:HvYZ0+R491OuezfV+IUQCl/BosJh8sUX4bYHVUftDlxqODX:QZR4POZt+IUf5oa8s58HVEtDik

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Steam2protectedexeexeexe.exe

Files

Steam2protectedexeexeexe.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 5.5MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 96KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ