archive-240424-09_04_33[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

archive-240424-09_04_33.rar
Size

2.8MB
MD5

1df6c96761557f51b4adf7f9f11c4e5d
SHA1

f06e8f20c94406c8682faf120d8dfcdb85a4caf3
SHA256

b1990f2a3293feff29504cbbaf7d89570e40561811d403b2a3482bb5f9657ed8
SHA512

795e33cacfdc07bc91954361c04dbd102119207f8850cd5c135dade36786ef374c30a5092ffffed2c697983024774fa4fb3d48a55639bcbce5f9e9e4c8544469
SSDEEP

49152:Mm5k/6YvIoutOur/ufwVzJ+aICUwi3wZnrcWtgdjKV+rosKD6PWrMRubEA:Mm5kCAIX7QwH+CZlcugEyorEEWubEA

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/setup.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup.exe

Files

archive-240424-09_04_33.rar
.rar

Password: 7329
hash.bin
setup.exe
.exe windows:6 windows x64 arch:x64

Password: 7329

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 824KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE