NEAS[.]56a38de24507f3b72d487a37bbaa2580_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.56a38de24507f3b72d487a37bbaa2580_JC.exe
Size

2.4MB
MD5

56a38de24507f3b72d487a37bbaa2580
SHA1

d55b7402c70bf5b614257f77a224da0e6533bafb
SHA256

2ac494b3fa93e668786ee27f0be0e75268a32ff883383835e18d33682ef96aaf
SHA512

a3d60964c48fe6caee3c598039cd7b7c50dce56c452fa589062c9c8b16afdd17e41b6cee16d1fc851aaf725afd5de456b31d67cc74c83b69e00248b07ce5b9a0
SSDEEP

49152:tnJwLEXCi0nZa3gkrI/Q7S9iyQ7/ZZMqj3RHwyxMG7wQV:3aowX/Qe9iyQFZMqjB3xMGkq

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.56a38de24507f3b72d487a37bbaa2580_JC.exe

Files

NEAS.56a38de24507f3b72d487a37bbaa2580_JC.exe
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 133KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ