BRR[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

BRR.exe
Size

2.3MB
MD5

9268ad86425ae0eaf062c958823f9077
SHA1

3db30cd9bd157316bf5ec0d28858e46100f0d36f
SHA256

1ccf3c53975d424749d3c4a1efdc59edf852d2cd1348107ceafa420c3bbe9287
SHA512

6d956bab2fc27bef2e186925cf565d2b6a2ec7f798b23fa896be90ccb2e7f07fc6d90cb9d14b6a8d95a709f396631057ec674dca3b047678dc28babe1366b6e0
SSDEEP

49152:yVCteF4iHhZ+RCC9+w4dyi8QpbKGHiF00lza+3LYjjRbX5:ypF4HRT9+w4dJP52F/a+7wF

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
BRR.exe

Files

BRR.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 269KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 168KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ