300a85702dfee48866e544b5177704a0[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

300a85702dfee48866e544b5177704a0.bin
Size

4.0MB
MD5

c40c4ec913c4b61ca6fe74893f35cb26
SHA1

a5faec1d389ed3d6cf6ba5dfbe1d6e0c19968ec2
SHA256

35a79e671c43bb15e93c1d469fdfb837630a23c076fef03c13ee7c7c41069262
SHA512

ccd66d29a9883fdc0e492ab95fc14b3c6c5e4085b2dc21f78418c3d40f81907dee6506e75b26fde7a4c6fe4038f641a98d2ce62e5d48c4cea8ff51b3d6490c17
SSDEEP

98304:utd4I4L2nA4qCcw57FtFStoZoX1h7/MQVrol:aaaA4ncwbm6oXDkwMl

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/f199aff3254f8943d2f616782a1fb4c5f69f0a6faa0325a10781be8a2fdb77ff.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f199aff3254f8943d2f616782a1fb4c5f69f0a6faa0325a10781be8a2fdb77ff.exe

Files

300a85702dfee48866e544b5177704a0.bin
.zip

Password: infected
f199aff3254f8943d2f616782a1fb4c5f69f0a6faa0325a10781be8a2fdb77ff.exe
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 82KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 27KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 16B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ