NEAS[.]4347ce5d8bca106e52e4476465c4898d49b909f528f54a7ae54086e79bd9c105_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4347ce5d8bca106e52e4476465c4898d49b909f528f54a7ae54086e79bd9c105_JC.exe
Size

3.4MB
MD5

2cb5f48f95efb970bb1c1a0495c1fe08
SHA1

50a71f504d56dd09b6c07b420e4232228147728f
SHA256

4347ce5d8bca106e52e4476465c4898d49b909f528f54a7ae54086e79bd9c105
SHA512

f59649e9058cc8af3322a29ca264bacfc64374c925af18b506098b689ab20039c499089200ead7d692bae306999efe4000c8b85e6387be3f6fc84e775f54ea75
SSDEEP

98304:wTygGyD5tRolUhZMyYRJBjMc6a/an9dWRt2:HW7O0ZMyYRvN6a+9cRM

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4347ce5d8bca106e52e4476465c4898d49b909f528f54a7ae54086e79bd9c105_JC.exe

Files

NEAS.4347ce5d8bca106e52e4476465c4898d49b909f528f54a7ae54086e79bd9c105_JC.exe
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 244KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 667B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 14B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ