NEAS[.]999d912e44afb484c37737e9d82cf6f0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.999d912e44afb484c37737e9d82cf6f0.exe
Size

2.5MB
MD5

999d912e44afb484c37737e9d82cf6f0
SHA1

4b7a188c2f27268318e3d1a9f7ee23f179f4b560
SHA256

6698031971704c3547a96ce3435af60a5f5d7acadfe5425238eee937bb77c067
SHA512

c0263d22161e3eab2d358a6bf6b50f9d1e5f0fb0c1ac47ad98e37c6d95b877637850b811756ecd75fd99aa42ac9022b209882bc3d3dadea3fcee091be1e5bc68
SSDEEP

49152:ixmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxK:ixx9NUFkQx753uWuCyyxK

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.999d912e44afb484c37737e9d82cf6f0.exe

Files

NEAS.999d912e44afb484c37737e9d82cf6f0.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 34KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ