UWNPMDA[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

UWNPMDA.exe
Size

24.2MB
MD5

afc76b175a6c7f535de4aa6f77730e28
SHA1

3997d3503931e0c3d207b4e0a4607e589ad48c91
SHA256

f86f8e06c38728ff04fea464530d2e048f0f44d90a4b5b1d276ab6db65b0e72e
SHA512

dcb3c19cbd38a4c066111df308837e3a4bb5464dc871a51952dac8411ef67fed771e5ae9d496e7fcf1e656f80179a275732c47f5acfba5db7339003b95b92bf2
SSDEEP

393216:7ggKoz6ot0skh7pG7QAcJPmYWpTKmBv7hlhB1sx28WA1TKGfUXfQZPVvw1JMVk+:7ggKo9+pGcAcU1Tph0YDeTK3mtvwQ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
UWNPMDA.exe

Files

UWNPMDA.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 620KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 16.0MB - Virtual size: 16.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 36KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 40KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ