268da59d80e742774c628a3ccc79b8ba | Triage

Sharing

General

Target

268da59d80e742774c628a3ccc79b8ba
Size

2.6MB
MD5

268da59d80e742774c628a3ccc79b8ba
SHA1

a6e3c9590dd4eddb05dcec93aa77c1b48bf278de
SHA256

3a558f250fe90b9ab40d8699c95978fe6d4d0642fc10c562d493b3690922120d
SHA512

da406a7b69761c2a11c390af3e89e1023fa4c3586411a32d0972971f3e33dcabb10c8094276052b47a646dd27a1b21a15453d7b801e43bdab22dee6cb82af68b
SSDEEP

49152:S6sCal8tGIaKKJyxIxu0oshPHe/SrBTEBuTU9qLlT/Eh+BMVM7sQ/q1k7:2CLt/60xR0osVH61B0hRu+sM7V/v

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/mingxiaozi/Domain.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mingxiaozi/Domain.exe

Files

268da59d80e742774c628a3ccc79b8ba
.zip
mingxiaozi/Domain.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 843KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.6MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mingxiaozi/SetData.mdb
mingxiaozi/skins/古典.skn
mingxiaozi/skins/奔放.skn
mingxiaozi/skins/斯文.skn
mingxiaozi/skins/稳重.skn
mingxiaozi/更新日记.txt