099181592db185c539594ecf3053f52d[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

099181592db185c539594ecf3053f52d.bin
Size

19.3MB
MD5

f619baa64461054f28a90462dacb73e0
SHA1

d7b1e1b0fa896f30c97ae8e7d14fa18e453f3def
SHA256

d22e329e20da373becc0448a55636c8d8731a83019e30285693cafea426aa8af
SHA512

61f3edf5c0fd90710f71acda4a3446e972559e30b85094e964d9f279c965621469e6ec682a7575d65b076f9519bb3c603d91be161ac2410f3b98c2d4eba2fce8
SSDEEP

393216:mbt8HsCNQ08XjRIGFbWPeBXOHwFay0neY21xhYZYFRZHEue:mJ8bQ02jrFSPMeHdy0eY0zVkue

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/51745628d4c34c4b7fc4da7451ef6ca27fdeb2183423be4cc44dc67400184196.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/51745628d4c34c4b7fc4da7451ef6ca27fdeb2183423be4cc44dc67400184196.exe

Files

099181592db185c539594ecf3053f52d.bin
.zip

Password: infected
51745628d4c34c4b7fc4da7451ef6ca27fdeb2183423be4cc44dc67400184196.exe
.exe windows:6 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 509KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 188KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 23KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 29.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 18.7MB - Virtual size: 18.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

Size: 509KB - Virtual size: 872KB

Size: 188KB - Virtual size: 363KB

Size: 10KB - Virtual size: 16KB

Size: 23KB - Virtual size: 38KB

Size: 512B - Virtual size: 488B

Size: 2KB - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 29.5MB

.boot Size: 18.7MB - Virtual size: 18.7MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 29.5MB

.boot
Size: 18.7MB - Virtual size: 18.7MB

.reloc
Size: 16B - Virtual size: 4KB