9c1d3fea37ff557300b3da6b94df52c9a49c05534e7f414b397c56de93f39f53[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9c1d3fea37ff557300b3da6b94df52c9a49c05534e7f414b397c56de93f39f53.exe
Size

3.0MB
MD5

2e2d52df8b32ed613f8e8f953523227c
SHA1

0a9ea11ccc9d5537f5e20b3f5a49c0516bc0553e
SHA256

9c1d3fea37ff557300b3da6b94df52c9a49c05534e7f414b397c56de93f39f53
SHA512

20beaca20abfa98d544c99f259d6c77939728297aa6117061cf5528bed0a8eaaaa465cec85d4b45a4d0cc64728be60069f0538ea5a327f1914e8b6652ec42e41
SSDEEP

49152:RjDOXa0LepKdffRXUwDDiFvIJTEDQ6XVDvQ6cNjS+fUo/SxV7/jkb/6Ot1YQXYfL:RHOqoeYJ5kiD4gyDQ6FDPo1/SzPI6eNe

Score

10^/10

themida

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c1d3fea37ff557300b3da6b94df52c9a49c05534e7f414b397c56de93f39f53.exe

Files

9c1d3fea37ff557300b3da6b94df52c9a49c05534e7f414b397c56de93f39f53.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 499KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 73KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ