Dread498_protected[.]exe | Triage

Resubmissions

01/02/2024, 21:35

240201-1frpmaghen 9

19/06/2023, 22:07

230619-112ekage69 9

Sharing

Copy URL Twitter E-mail

General

Target

Dread498_protected.exe
Size

3.7MB
MD5

b7602315a23d46a720ad7cb8af62c118
SHA1

9b4344033db0a17c038833e51496dccdae71c55c
SHA256

7f97aec4b235fc0fb0e404a95ea49629aaa141054d20e5d43786c210b35baaf1
SHA512

23335438ff65ea778e0bf7152bfd25b9e39a71ffc5c1ac491b8cb3ddfb3a9f24142df61006366eda6f02d1e1003010e2fb0eddcbbf4ad239bc6c774ebd3e4b14
SSDEEP

98304:mKJm1hkS4yjkoyBnOwMVqOaXeZdqC7UO6YDsIumL/Hytn:NYpVy5MVXdf7KssIhL/yN

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Dread498_protected.exe

Files

Dread498_protected.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 691KB - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ