1d9c728ec89c668cbf04b3675083c147[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1d9c728ec89c668cbf04b3675083c147.bin
Size

4.5MB
MD5

4d494d342e366f69cd430a19366984e8
SHA1

0e93cd1c0cf591d70ef4b199a5715f619b751685
SHA256

48e232ebe95835442e80e2f28db8b4b30011031eb1273ae8a138e5667179b049
SHA512

f13598e4219d7e201c294668297a8f4d0ddf169d3d848feda66edd47ea923349d7b3ac735ea83a6a06ecc43373c3334f2b6846ebab2f7a9b8661a726764a6c89
SSDEEP

98304:Z+XfciPYh3T7PUOQ8WVtliM8JmyP6hEVzod4980gyBzKYkq:UXfpPYh3rWVtlB8JmQSEVDbgImYkq

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/808543217f0aac497b3fb5ad394ad58d114705d6b1edede1f1b9712953668bf6.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/808543217f0aac497b3fb5ad394ad58d114705d6b1edede1f1b9712953668bf6.exe

Files

1d9c728ec89c668cbf04b3675083c147.bin
.zip .ps1 polyglot

Password: infected
808543217f0aac497b3fb5ad394ad58d114705d6b1edede1f1b9712953668bf6.exe
.exe windows:6 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 155KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 28KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 28KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ