NEAS[.]a30000LEAJexe_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a30000LEAJexe_JC.exe
Size

14.4MB
MD5

837be25bb85623822df77442ab32cb82
SHA1

b70014f09ee6744272b6c67e86177bdd60d9023d
SHA256

35d18e34a742e2dd1bb7c154d2f836b4ba18c7238021573a833962c7a2ba20ff
SHA512

ae01bf4e203f33d8d8b84873afca203556abbde7b13f5e9832d8d5118329ef55939475c7fa40ed65cb12623daf27a7ae6796336f72693896ed3bd875dff61281
SSDEEP

196608:loOIq5QZSqSucDaIVj1ei5YOphsE0+rPIbaNWsmIItAPRbHwu6+/:lolq5aFSMidsSzIbacsmIItUbQu9/

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a30000LEAJexe_JC.exe

Files

NEAS.a30000LEAJexe_JC.exe
.exe windows:6 windows x86

f7f4fdfe1cbd1808e09ffc40b45c6b63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetClipboardData

advapi32

RegSetValueExA

shell32

ShellExecuteExW

ole32

CoTaskMemFree

Sections

Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.%/+%/+%
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.%/+%/+%
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.,I2
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.:,x
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1>F
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7f4fdfe1cbd1808e09ffc40b45c6b63

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

Size: 164KB - Virtual size: 164KB

Size: 68KB - Virtual size: 68KB

Size: 8KB - Virtual size: 8KB

Size: 4KB - Virtual size: 4KB

Size: 12KB - Virtual size: 12KB

.imports Size: 4KB - Virtual size: 4KB

.%/+%/+% Size: 4KB - Virtual size: 4KB

.themida Size: 3.9MB - Virtual size: 3.9MB

.boot Size: 2.3MB - Virtual size: 2.3MB

.%/+%/+% Size: 4KB - Virtual size: 4KB

.,I2 Size: 1.7MB - Virtual size: 1.7MB

.:,x Size: 4KB - Virtual size: 4KB

.1>F Size: 6.1MB - Virtual size: 6.1MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 68KB - Virtual size: 68KB

.imports
Size: 4KB - Virtual size: 4KB

.%/+%/+%
Size: 4KB - Virtual size: 4KB

.themida
Size: 3.9MB - Virtual size: 3.9MB

.boot
Size: 2.3MB - Virtual size: 2.3MB

.%/+%/+%
Size: 4KB - Virtual size: 4KB

.,I2
Size: 1.7MB - Virtual size: 1.7MB

.:,x
Size: 4KB - Virtual size: 4KB

.1>F
Size: 6.1MB - Virtual size: 6.1MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 68KB - Virtual size: 68KB