26dbb8cdc46ecf186fe07605207bf622[.]bin | Triage

Sharing

General

Target

26dbb8cdc46ecf186fe07605207bf622.bin
Size

5.9MB
MD5

c1d09302b4ef65512a2576e44f2a7c2d
SHA1

dfed3cfddf321d0f6de1b648fb0664f9295d43bd
SHA256

fa3cd18198b639bed6d19f3ecbb4cc3d3b834c6926066caac9e0acb2003cd1fe
SHA512

d749ee0b3e642efd1cd1e05f445ff29ab0ec3685a495ffc8d124b5417877f2a7eb29d73a173f84c9a40454d6c09a5bd5c3f99e643901ec1eca9db985b6c5f335
SSDEEP

98304:Gg7LTI6xSijZbh3OCm+3KSKNavWbkZMADg0Gdtyg0TUmCSspMVRktKUAfZAK6rbS:l7LYshh7m+tebqDXGaHpspM7ktKpfOvS

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

Processes:

resource	yara_rule
static1/unpack001/badf6c49e41bef9c00e665b7273b2e8d712abb6e463e451c39d33494eb02bd98.bin	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/badf6c49e41bef9c00e665b7273b2e8d712abb6e463e451c39d33494eb02bd98.bin

Files

26dbb8cdc46ecf186fe07605207bf622.bin
.zip

Password: infected
badf6c49e41bef9c00e665b7273b2e8d712abb6e463e451c39d33494eb02bd98.bin
.exe windows x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE