9268ad86425ae0eaf062c958823f9077[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9268ad86425ae0eaf062c958823f9077.bin
Size

2.2MB
MD5

a633fd31cbd8bb1f59555bf0213b18db
SHA1

a548311652acca5307d34999e166628db8997b73
SHA256

730b643f9005dae7cfe9dcc665177c4116ccc13645a41f21a490190b8870774f
SHA512

22219dd5e0747d17768c81a7453f287d16a3ea71f02ffa6a2346aa4215b4716970d3cb4aa097875535d886aaa859ec19d19d6f04431bf0ea615677c0e018db37
SSDEEP

49152:GBGGbaQin9hIOtDO4CdZDriL3+XLo1iwW08jtlMiBQ8Y:69inrvDO4GiTAwW0+lMiBQx

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/1ccf3c53975d424749d3c4a1efdc59edf852d2cd1348107ceafa420c3bbe9287.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1ccf3c53975d424749d3c4a1efdc59edf852d2cd1348107ceafa420c3bbe9287.exe

Files

9268ad86425ae0eaf062c958823f9077.bin
.zip

Password: infected
1ccf3c53975d424749d3c4a1efdc59edf852d2cd1348107ceafa420c3bbe9287.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 269KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 168KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ