setup[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe
Size

6.5MB
MD5

40d691175e44e9bd31cbf51eae61e0ac
SHA1

caab1547b5eac7b895206765e1286b0124859e9f
SHA256

ea4c1099821bfea9d28b73a80720f2fcc7d6e20765c731294391f535ee853396
SHA512

238cf4ab59de4af64f1aa5d707ea418ae162b4c478d363dd0f215e063ea8ec3912b7f46cdcbf3c522ac3dffbd38a4e2b2c553ffa2a8267877ec5560c2575f4f7
SSDEEP

98304:K6cAZzRenRRZSJJL2f5vdyghaL2vn1MOHjVVC/b8gqKdn:UdUlehxVEzr1

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
setup.exe

Files

setup.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 86KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE