4fa5bf8a9de062067aad3497e5c5fb56[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

4fa5bf8a9de062067aad3497e5c5fb56.bin
Size

2.1MB
MD5

1c6704413d6ecdd6968fe3843f7670b4
SHA1

a21bb925b6cfb741e33c9385173e5fdceae5c808
SHA256

c3f5b4eeec45375527e6e5241fd084c9507830086ebf6d846751e7527d0de16b
SHA512

3ff705e054c6137531014788b58d701be2298b2c1cdea290dba7e213f9fc4412736b81b317c950aaef897187301e5d86d0b155a1f04d920924ff9ffa3a622140
SSDEEP

49152:MiY2kv1QgpniuC2PgQBeAE2T2IfsNiZ7Z54Tlm:Mh2kygp7CCeJeFr7YA

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/736beca1fe440ec344c0f23a7d9b460688d3bb0180e46450bc213ee403377511.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/736beca1fe440ec344c0f23a7d9b460688d3bb0180e46450bc213ee403377511.exe

Files

4fa5bf8a9de062067aad3497e5c5fb56.bin
.zip

Password: infected
736beca1fe440ec344c0f23a7d9b460688d3bb0180e46450bc213ee403377511.exe
.exe windows:6 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 512KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 49KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 28KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 19KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

Size: 512KB - Virtual size: 1.4MB

Size: 49KB - Virtual size: 159KB

Size: 2KB - Virtual size: 18KB

Size: 28KB - Virtual size: 50KB

Size: 19KB - Virtual size: 38KB

.vm_sec Size: 16KB - Virtual size: 16KB

.idata Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 50KB - Virtual size: 50KB

.themida Size: - Virtual size: 3.3MB

.boot Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 16B - Virtual size: 4KB

.vm_sec
Size: 16KB - Virtual size: 16KB

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 50KB - Virtual size: 50KB

.themida
Size: - Virtual size: 3.3MB

.boot
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 16B - Virtual size: 4KB