e88a882fc08fc6b37b38732262d79823[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e88a882fc08fc6b37b38732262d79823.exe
Size

5.9MB
MD5

e88a882fc08fc6b37b38732262d79823
SHA1

c8f5dea95079794c9379cab1268aa49d9940fcc4
SHA256

6042fcbd21d1df168c3c7561248eb18f56ca61e5bc5a77dbbf8db2d03424ce5f
SHA512

3b52d63156298db6f5b88c9ef25ef821f26843209e7ca504444e51c6e82b72aa1cd767366b5569aa25f10b84845b7bd290419b841466d968fe15a73cab8a5893
SSDEEP

98304:vk9YZq849D3vSdsfwLeGGUxdpCSHS4DuLHO5r6DaZbIwo2X905RdzifUWgCom8Ir:M9EL497q7iUx7HS4yO5r6iRq7EUW9n8i

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e88a882fc08fc6b37b38732262d79823.exe

Files

e88a882fc08fc6b37b38732262d79823.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 41KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 583B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ