b389115d6a8639c844f8c58a7b77c3f2208e8eb7392294ed0d6c6498229a2298 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b389115d6a8639c844f8c58a7b77c3f2208e8eb7392294ed0d6c6498229a2298
Size

2.2MB
MD5

3f9ec14439a7fe1d9ad095e4610be014
SHA1

6d81ababb1dd6d73f9b7b9668edfa2d56266dbb8
SHA256

b389115d6a8639c844f8c58a7b77c3f2208e8eb7392294ed0d6c6498229a2298
SHA512

3726d79f0f0946a25bfd5339ae4f913f37b6481b487573fd05cdb7b2cbb3fb4edaefa1120f130dbf5de3630c3029e1fd57215dae225e5dbbd79810123922b90a
SSDEEP

49152:xFFxtySeRjniXqYsZg6V3R8B3RQyRYF4+oXtgamC0AU/Alur:xFtjeJvYsZhs3TYFDodmuU/Aq

Score

10^/10

themida

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b389115d6a8639c844f8c58a7b77c3f2208e8eb7392294ed0d6c6498229a2298

Files

b389115d6a8639c844f8c58a7b77c3f2208e8eb7392294ed0d6c6498229a2298
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 144KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ