setup[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

setup.exe
Size

6.1MB
MD5

9bf2c4e621eb9d1c00ada8c62a641d21
SHA1

abad93db3f54b02dc911ce893e69e77c85d0864f
SHA256

3646a1dd0944272d46a0c710cdc30805e299ed728e911aed9087586a8067f2fe
SHA512

b3cc4ee86d903a5e25582eb581bf4f76fb0c4a586f88dccd39f7f5e9f7cef404ad3bcea21228bb367f6c5b99fe16b75b00ad2edf4f6c52cf037ce4a68234e98f
SSDEEP

98304:HjU6dT3Ej8cgXG8e2g2f2kHc5OMP/62YV3yjEtpCokiSNxZ6UJ4qgd:DrT3Ejc28e2g2fvcwMPiGj2pC8aDyqgd

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
setup.exe

Files

setup.exe
.exe windows:6 windows x64 arch:x64

28cc55450edf4eab5f9510f1b709a4a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp»§
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp»§
Size: - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp»§
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp»§
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 173KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28cc55450edf4eab5f9510f1b709a4a8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

Size: - Virtual size: 3.1MB

Size: - Virtual size: 240KB

Size: - Virtual size: 73KB

Size: - Virtual size: 86KB

Size: - Virtual size: 252B

.vmp»§ Size: - Virtual size: 1.4MB

Size: - Virtual size: 9KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.themida Size: - Virtual size: 4.9MB

.vmp»§ Size: - Virtual size: 279KB

.vmp»§ Size: 1024B - Virtual size: 960B

.vmp»§ Size: 6.0MB - Virtual size: 6.0MB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 173KB - Virtual size: 1.4MB

.vmp»§
Size: - Virtual size: 1.4MB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 4.9MB

.vmp»§
Size: - Virtual size: 279KB

.vmp»§
Size: 1024B - Virtual size: 960B

.vmp»§
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 173KB - Virtual size: 1.4MB