NEAS[.]2023-09-07_57515aafce113f90b306a1cd8dea9640_xiaoba_JC[.]exe | Triage

Sharing

General

Target

NEAS.2023-09-07_57515aafce113f90b306a1cd8dea9640_xiaoba_JC.exe
Size

15.4MB
MD5

57515aafce113f90b306a1cd8dea9640
SHA1

7d74da5745ffb3d76b2df6c0270fc8039033e479
SHA256

1ccac8f3e3cf6c8cd83790b1a659bd4ea768d352af5e6a35d09498681cc42630
SHA512

77cc7b07594a25e4ef0baa237160bccf8dbe79815f36ee86d593a0b3c4a3cce61353d6cc012169a43d1969ac4bf0c0b9b47e37a7f2709e8de3a8850a1790e0a1
SSDEEP

393216:zSW1kTxOEeZvZd2resSRmltohKTK26hrQ5rDeTzgy:JkTxOhZUSsSetb6hrQ5Hengy

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2023-09-07_57515aafce113f90b306a1cd8dea9640_xiaoba_JC.exe

Files

NEAS.2023-09-07_57515aafce113f90b306a1cd8dea9640_xiaoba_JC.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.5MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 348KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 44KB - Virtual size: 569KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 72KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 19.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 13.3MB - Virtual size: 13.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ