e9724f79d09583b45931d5040f02eb35 | Triage

Resubmissions

05/10/2023, 04:27

231005-e27gbaae89 9

04/10/2023, 14:12

231004-rjcv7scc8x 9

Sharing

Copy URL Twitter E-mail

General

Target

e9724f79d09583b45931d5040f02eb35
Size

2.5MB
MD5

e9724f79d09583b45931d5040f02eb35
SHA1

b36282772566336efe5d8a326e659629740a9daa
SHA256

65f68c86b215ee6c93a9c4f56eda6748e4af7d49589c69a3a5f96f5734468c25
SHA512

5c62c8f45156d8045c6e8d7ae6e5b503554df508e72b0e72985ef502243743eceb1d12c46c4e549fe270420985b96c149b190b84ed1e456dad1d979bb5c1c9fa
SSDEEP

49152:G/qJ1DLVsbF0nYqZfZonTzexyNXXzusxw13NTKWW8h+lle2dfhg5QbvZDx79Ow8:wQ1tI0YqZRonI+CGC3NTxW8h+esfhg5N

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e9724f79d09583b45931d5040f02eb35

Files

e9724f79d09583b45931d5040f02eb35
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 86KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 29KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 930B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 692B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ