808543217f0aac497b3fb5ad394ad58d114705d6b1edede1f1b9712953668bf6[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

808543217f0aac497b3fb5ad394ad58d114705d6b1edede1f1b9712953668bf6.exe
Size

4.8MB
MD5

1d9c728ec89c668cbf04b3675083c147
SHA1

12e3d829b600fe573346a6f3238791235e6869e3
SHA256

808543217f0aac497b3fb5ad394ad58d114705d6b1edede1f1b9712953668bf6
SHA512

368274ef7764afb2543ebe1bf3dc155470963947f4b9bfd109f917f60bf93699e867a41bee20b36555ad5052ab6c1a1a75599618b00e5ad6cbe11591d4f495d9
SSDEEP

98304:Peds1k64ydaLcTgXDHnnMMwgFHDuuvkUvU5pNzr8wFfu42Z6p1pta3LQi:P0s1kOxTAHlw8HOUvQ3n3Ffd2ZWa3L9

Score

10^/10

themida

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
808543217f0aac497b3fb5ad394ad58d114705d6b1edede1f1b9712953668bf6.exe

Files

808543217f0aac497b3fb5ad394ad58d114705d6b1edede1f1b9712953668bf6.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 155KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 28KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 28KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ