a3e34cg[.]exe | Triage

Sharing

General

Target

a3e34cg.exe
Size

4.6MB
MD5

341e2e0fbcc88e262ed896ee11c06532
SHA1

60cd85254f5faeb3ba526650daf85b773b458b90
SHA256

250b10e7a4025f8845c9287d86eb1101f18f23e2dd3c50df642cbc40756afa97
SHA512

ea70d5bc2dc264ec92c57edaef2fe343e48c7f6d12d5b5c71432807fe19c536b10139b00040b364c15fc940d1ac9cf0e42f18e6dee1c412acdea17ac9e30d850
SSDEEP

49152:rOjkgSYGuvkNaJ/b0GYmsmf/sAa8hdCQB2xrajUVNY36pMK6CrOIvYApvSzZQljF:rXuvPZwAcQBVjUzgiMC02Xv+E

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

a3e34cg.exe

Files

a3e34cg.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 66KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ