IP[.]exe | Triage

Resubmissions

26-04-2024 16:04

240426-thygmafb72 9

26-04-2024 15:39

240426-s3w9mafe8t 9

26-04-2024 15:06

240426-sg9mtseb45 9

Sharing

Copy URL

Twitter E-mail

General

Target

IP.exe
Size

20.2MB
MD5

e72253d9c42192ba62b5e2552bbfbca4
SHA1

065af9ed0ec5d6d4b40c6dcf76e847b98b2572d2
SHA256

2208dc3c8ca0aa3456e5f562b8f338be4bdc5270a488a9e44e5c4f6a972a792d
SHA512

155879bbc185ce9df1b62f9ff9e0147cf99d5514004e92b8812bcec76783ad958dfaaf73ed6ddca99f2b942605a3b0a07156e12a1342241ad780d178a5074f4f
SSDEEP

393216:Ha5opL76qeFJ/KqbG1scz01nJr0dUMv3htIVCiOV82RqYBof8IuQK9CpBiz6:H5aJ/iFar09tIVCHR5ofKwpBQ6

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
IP.exe

Files

IP.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 382KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 59KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 761B - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 13.4MB - Virtual size: 13.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 382KB - Virtual size: 716KB

Size: 59KB - Virtual size: 208KB

Size: 761B - Virtual size: 36KB

Size: 16KB - Virtual size: 27KB

Size: 13.4MB - Virtual size: 13.4MB

Size: 1KB - Virtual size: 2KB

.imports Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 47KB - Virtual size: 47KB

.themida Size: - Virtual size: 10.0MB

.boot Size: 6.3MB - Virtual size: 6.3MB

.reloc Size: 16B - Virtual size: 4KB

.imports
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 47KB - Virtual size: 47KB

.themida
Size: - Virtual size: 10.0MB

.boot
Size: 6.3MB - Virtual size: 6.3MB

.reloc
Size: 16B - Virtual size: 4KB