5efbe5d0bcd3b6a78d4ee2b4ea3236e4[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5efbe5d0bcd3b6a78d4ee2b4ea3236e4.exe
Size

2.8MB
MD5

5efbe5d0bcd3b6a78d4ee2b4ea3236e4
SHA1

8e0ddc5b8acd564953ecf291a800b7b9b0247393
SHA256

d7426a296d6be3d59f4a746b7ac5bfaf32c55279485dd67054e7f50ac6fdd181
SHA512

f85b7ccbbd7a44eaad9be2ebf51627e0a4b766ba6d5a9549d9abec5b43dcce7509fbf90618e4b88887f370b4b7cb2860b303f0f8890dc5c1b4b41f5d63caeea3
SSDEEP

49152:xuPeaOJ1momZQaOqThKidlPrttczuW9TB++q2ETAkdPS3KNGfXcR5JbIl:I1DZQaOqTQoPhXW9TQEEgKNccRQ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5efbe5d0bcd3b6a78d4ee2b4ea3236e4.exe

Files

5efbe5d0bcd3b6a78d4ee2b4ea3236e4.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 269KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 57KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ