WindowsFormsApp1_protected[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WindowsFormsApp1_protected.exe
Size

2.9MB
MD5

14518a3289c4d9c82195e71398b7c580
SHA1

4f37722229bbea2a8a6592ea9077617e152d9ada
SHA256

4b15baa6bdc91e2b2cd6ca50482f3fce04cf35802367c52cbf9cf3d1e340a9ac
SHA512

6d94d7cce5d4360a009382d98645684b677b6f8e181800467c23dd92b675cd43079de714881d799437b7587f28a663e22f89e3f04356dc8893081d5dddba52be
SSDEEP

49152:OdjGy5JBqt+tmglKNMKkAVPSwocsPoj21Ga2eWv4C4EtGgm9lx2X5VBtK71yHqM4:eG2CskglKNjVibojfVeI4NEpm9fwVBtY

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WindowsFormsApp1_protected.exe

Files

WindowsFormsApp1_protected.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 661B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 16B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ