59d589f27f394530ce2f7441b3366c8dc0423e14ba17b8fe62dd25683397d224[.]exe | Triage

Sharing

General

Target

59d589f27f394530ce2f7441b3366c8dc0423e14ba17b8fe62dd25683397d224.exe
Size

471KB
MD5

a2a9823517f77dbed5fa532c9496e846
SHA1

cadaaa42b02a026e3be4b90452baacaade0d7023
SHA256

59d589f27f394530ce2f7441b3366c8dc0423e14ba17b8fe62dd25683397d224
SHA512

55aa420e117c9809622453e3be721de84f7b3c59d7ec7e31fa62dd608d04e79d462b4f79521dc6ce26549ea7d19bd7e206f576c84fdf2d8c3fc61209e4fabd39
SSDEEP

12288:XhNRFm4oD8zMGSiH8R67dDAc0YPsGyXc3V:XRPoaMEHO6pl0BJXcl

Score

10^/10

themida

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59d589f27f394530ce2f7441b3366c8dc0423e14ba17b8fe62dd25683397d224.exe

Files

59d589f27f394530ce2f7441b3366c8dc0423e14ba17b8fe62dd25683397d224.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 2.0MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ