NEAS[.]e6e1bb6ffce2f35be1d676524ab141ba5cb6c1f434d7416a45321506ca0cd6a0exe_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e6e1bb6ffce2f35be1d676524ab141ba5cb6c1f434d7416a45321506ca0cd6a0exe_JC.exe
Size

4.6MB
MD5

9dfda03705d9f495375c68142432f08e
SHA1

b51243c3fbb38acb12028cadbf0682abe733bb33
SHA256

e6e1bb6ffce2f35be1d676524ab141ba5cb6c1f434d7416a45321506ca0cd6a0
SHA512

e3d222545a93fc9b2140b4cec94f3641cd65911739c029a69a15ff10bb4b38d9090e65e948032ec0abac6815c46cc50a26088b98b63d481e34e31a1396fc7d98
SSDEEP

98304:sm9mYZ+XMNXmLVi4XcE0+r6g0Ip7ZU9cYM622m9WmIuZttxaVSuyJZyQ:YYIphsE0+rPeXM62cmIItAPc

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e6e1bb6ffce2f35be1d676524ab141ba5cb6c1f434d7416a45321506ca0cd6a0exe_JC.exe

Files

NEAS.e6e1bb6ffce2f35be1d676524ab141ba5cb6c1f434d7416a45321506ca0cd6a0exe_JC.exe
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.%/+%/+%
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.%/+%/+%
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.,I2
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.:,x
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1>F
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: - Virtual size: 162KB

Size: - Virtual size: 67KB

Size: - Virtual size: 7KB

Size: - Virtual size: 1KB

Size: - Virtual size: 9KB

.imports Size: - Virtual size: 4KB

.%/+%/+% Size: - Virtual size: 4KB

.themida Size: - Virtual size: 3.9MB

.boot Size: - Virtual size: 2.3MB

.%/+%/+% Size: - Virtual size: 1KB

.,I2 Size: - Virtual size: 1.7MB

.:,x Size: 512B - Virtual size: 460B

.1>F Size: 6.1MB - Virtual size: 6.1MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 55KB - Virtual size: 67KB

.imports
Size: - Virtual size: 4KB

.%/+%/+%
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 3.9MB

.boot
Size: - Virtual size: 2.3MB

.%/+%/+%
Size: - Virtual size: 1KB

.,I2
Size: - Virtual size: 1.7MB

.:,x
Size: 512B - Virtual size: 460B

.1>F
Size: 6.1MB - Virtual size: 6.1MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 55KB - Virtual size: 67KB