file[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

file.exe
Size

6.4MB
MD5

205b945f0aaa50763bc3ad9443467e08
SHA1

23239e6992179befbf9dd7a5c71adc180eb86c9c
SHA256

e5b44a18698e291d8d61f824918eb92f23947c45d48779ee414135e3a5f1fca8
SHA512

41e55e3f9fbd0ff0129a8e44bdec3712310aa6c371b2de522c3e5a780efc3ce69d8d36a9951e120bc1116c5f6e59dd0e15f19c93e83572787955cab6a2860485
SSDEEP

196608:l+a4cnPo9/gSymVTzs6qJEaxovaotkyzxBW:sajnP/SymBo6qJE8ovaotksxBW

Score

7^/10

vmprotect themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file.exe

Files

file.exe
.exe windows:6 windows x86

a4308f82c6f6f467c58289d16d7acab2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp3
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4308f82c6f6f467c58289d16d7acab2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

Size: - Virtual size: 2.1MB

Size: - Virtual size: 169KB

Size: - Virtual size: 34KB

Size: - Virtual size: 123KB

Size: - Virtual size: 41KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.vmp0 Size: - Virtual size: 41KB

.themida Size: - Virtual size: 3.5MB

.vmp1 Size: - Virtual size: 1.6MB

.vmp2 Size: 512B - Virtual size: 468B

.vmp3 Size: 6.4MB - Virtual size: 6.4MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 40KB - Virtual size: 40KB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.vmp0
Size: - Virtual size: 41KB

.themida
Size: - Virtual size: 3.5MB

.vmp1
Size: - Virtual size: 1.6MB

.vmp2
Size: 512B - Virtual size: 468B

.vmp3
Size: 6.4MB - Virtual size: 6.4MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 40KB - Virtual size: 40KB