SimuliaLicensePatcher[.]exe | Triage

Resubmissions

30-04-2024 20:16

240430-y2dzjsgh59 9

30-04-2024 14:45

240430-r4ycmshc4x 9

Sharing

General

Target

SimuliaLicensePatcher.exe
Size

7.7MB
MD5

4bca154d91fa2592f11f730988a106cd
SHA1

c244e509538a64f6e4ccd41d13b808f4f9bcda0b
SHA256

085e02519e34bbd0428bdc818ed5dc30fa987c4914f9b5bd9ca1b5e404fbf738
SHA512

d70cb3ba385dbda8a1b7a763aaa4c093f8f912e7bfb5d955b64cfcb34f6c280ab3a4d47acc59d4b67f9791f194b88bb9697d177b9aced8850e3bcde13bd00124
SSDEEP

196608:LytYizJjKD9Y4o5aBV2uzE0FQxidgM4RwZ+:mxe9UiVpZaIdMRp

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SimuliaLicensePatcher.exe

Files

SimuliaLicensePatcher.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 54KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 9.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 7.6MB - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ