948b76208d5d744db1ec9d5806be87c7[.]bin | Triage

Sharing

General

Target

948b76208d5d744db1ec9d5806be87c7.bin
Size

4.2MB
MD5

948b76208d5d744db1ec9d5806be87c7
SHA1

44b2e73646f19c048d18b6a44c991a4cade77f93
SHA256

80cd52c06b28feaadc19750e498c6dd8f1440fba457ec08010c25e7a2ced13ff
SHA512

bc19d3fd2638e7a679386386b81c18d657f0c44a7ac61a6d6c7b391c35d54f90f6e48c141c65e2fbc3040a1ba3fad1c78a1b2a4fc88b80f3781a622891d3738d
SSDEEP

98304:S/CnviB8mf2gF+uuUckft2a+SLgFCVx0u1JbQxd7XSOqY:RvUdfTFlL7LgFAyu1JbqddqY

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
948b76208d5d744db1ec9d5806be87c7.bin

Files

948b76208d5d744db1ec9d5806be87c7.bin
.exe windows:4 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 17KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ