comInto_Slayed_Slayed_protected[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

comInto_Slayed_Slayed_protected.exe
Size

23.7MB
MD5

0f78b448ebb758f63f7fdebe9ceb5ae0
SHA1

bafeaabbb2e27efcd9ee871fdd69f41449b546ec
SHA256

ae7dc85e190f842fbb92fa67c2e344741d9e70d3b6f2ff2d231d827bc1d564f6
SHA512

5551b12f75d1eec839dd3b601ebdfb7c90a411c6a84267444ce6d51606075d43ecbd579355d3e47aefc2413b0b72d08938cc76733aa169979fa14975027ff7c5
SSDEEP

393216:13XoVEWoK6Ed1QUUvFCoUT+ilIdIqj16YqMd/UrXChSemtvjsJouExoo77q:1nb2UvFCoIInj12Md/zcvjcouEKo/q

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
comInto_Slayed_Slayed_protected.exe

Files

comInto_Slayed_Slayed_protected.exe
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 4.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 384B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 29.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 19.3MB - Virtual size: 19.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ