37a66ad66bf8673545688f626f75a267[.]exe | Triage

Sharing

General

Target

37a66ad66bf8673545688f626f75a267.exe
Size

5.2MB
MD5

37a66ad66bf8673545688f626f75a267
SHA1

283e207d80420126613bb29db0efa480b1e2c5b0
SHA256

6a5976dab8f9603600fe6fc22ec05d59df11d716e3352ae990ff8852eef156ec
SHA512

5c4314ec420afbdd074a91d93cf6c4f533223dc8ac4b1c0196d9b8ba56593a225523eee73319671f4ecdda7c71ee93f447b940973139ebcc1f8571c0992758eb
SSDEEP

98304:vkEdkfTdr6R0QicY7uKqokL6QsGk4Sasp02/C80KZXdhLToy:cEdkxrZcyqKrOAC8NZXd5TZ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37a66ad66bf8673545688f626f75a267.exe

Files

37a66ad66bf8673545688f626f75a267.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 45KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 576B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 14B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ