bymimiexe[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

bymimiexe.exe
Size

4.2MB
MD5

7bd775395b821e158a6961c573e6fd43
SHA1

bc3b4187ae87f5ae59d9a6160320876296acef6d
SHA256

5f7888c4f2649cf3751a41759b3ea3a021143790ad19cd5c8c95a07a8a0f066a
SHA512

c3577c6905b2af5cbf9b2d7bf4dc81ce19470e0647c95865d6603b4b9cd98c321bb3513034f03e369552ad0972e5988cb14fd1e7a414133e8e4456d5ad855b73
SSDEEP

98304:gZkO86u6RHsUg8P2FPQJ4/AqHxDjKtSG6fKD/AyWVZ6KivBS1T:kkkMJ8el4ccSi/X0366T

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bymimiexe.exe

Files

bymimiexe.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 495KB - Virtual size: 859KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 100KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.loadcon
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.boot
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 495KB - Virtual size: 859KB

Size: 100KB - Virtual size: 421KB

Size: 6KB - Virtual size: 42KB

Size: 16KB - Virtual size: 27KB

Size: 3KB - Virtual size: 5KB

Size: 2KB - Virtual size: 10KB

.imports Size: 2KB - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 6KB

.themida Size: - Virtual size: 6.1MB

.loadcon Size: 512B - Virtual size: 4KB

.boot Size: 3.6MB - Virtual size: 3.6MB

.reloc Size: 16B - Virtual size: 4KB

.imports
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 6KB

.themida
Size: - Virtual size: 6.1MB

.loadcon
Size: 512B - Virtual size: 4KB

.boot
Size: 3.6MB - Virtual size: 3.6MB

.reloc
Size: 16B - Virtual size: 4KB