e81xnd818fn[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e81xnd818fn.exe
Size

4.5MB
MD5

77a7174d992ce3ec9f22ac13fed66cdd
SHA1

23157b02f88055ed082513d51f808e08a959338e
SHA256

55268dec600c4338eb863d359b9cffbfaf920b492ddfe487e9999113bd5ee2be
SHA512

3d10d7f79ba67ea1c28710a9e967cbc90324ceaa05f94326b8981f89c483456d6a6a6dea2660310b300e6185085c30e8c9bbdc5aad6cd42f39312ba4142a7355
SSDEEP

98304:/Mc7HgBSiJcgrqMTHnml7I1FcZZ1AR94NP0XuvIlUr8Y81RS:EckB0grqMTHml7oFcT1AROAgWTS

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e81xnd818fn.exe

Files

e81xnd818fn.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 47KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 62KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ