NEAS[.]499a8507ddaa850925e3a19080f59cd0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.499a8507ddaa850925e3a19080f59cd0.exe
Size

2.4MB
MD5

499a8507ddaa850925e3a19080f59cd0
SHA1

f0360f8e677b91cd31146ddf67731b1348e7e236
SHA256

dc47b71dbe0f26b7a00e7feb22bc97aab1888a909688ac11e42661e369f333e3
SHA512

fa13f0135b425f3eff99c927ef6a2d6dc6df06f434c9f0052aaff530aa11f802d76b4f3aaff381cfd4155744b500d2801a5997c013b2601830a297af6892121c
SSDEEP

49152:tnJwLEXCi0nZa3gkrI/Q7S9iyQ7/ZZMqj3RHwyxMG7wQB:3aowX/Qe9iyQFZMqjB3xMGkO

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.499a8507ddaa850925e3a19080f59cd0.exe

Files

NEAS.499a8507ddaa850925e3a19080f59cd0.exe
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 133KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ