Debug[.]rar | Triage

General

Target

Debug.rar
Size

8.2MB
MD5

c1c807c9eafd5ba2cb6cb77fb0fe1507
SHA1

b942b376685a202fe0af43ce0a8e38cb7a6d6997
SHA256

e8cb2b5068fe856bf586e32f25605c082d6b3ce860103c1dc3082f86e6a1eb0a
SHA512

6a9dc66f583a598dc7e016553958d03e6958241c7da5bb1f3bf765c454a324f2028d6ba85816a079125a86598b7d01e26431cc6da94d96ff05f149dfe7fba2d3
SSDEEP

196608:MZTSH+q9tNeV6MTzZXNAP6SJJYSFu4R2HHWib81xV/2nBxN4j:MAsEGdeYSR2HHWS2TenBxOj

Score

7^/10

themida

Malware Config

Signatures

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/Guna.UI2_protected.dll	themida
static1/unpack001/WindowsFormsApp3_protected.exe	themida

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Guna.UI2_protected.dll
unpack001/WindowsFormsApp3_protected.exe

Files

Debug.rar
.rar
Guna.UI2_protected.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

Size: 783KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
WindowsFormsApp3_protected.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 56KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 783KB - Virtual size: 2.1MB

Size: 512B - Virtual size: 1KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 8KB

.themida Size: - Virtual size: 5.9MB

.boot Size: 3.5MB - Virtual size: 3.5MB

Headers

DLL Characteristics

File Characteristics

Sections

Size: 56KB - Virtual size: 88KB

Size: 1024B - Virtual size: 1KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 8KB

.themida Size: - Virtual size: 6.1MB

.boot Size: 3.9MB - Virtual size: 3.9MB

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 8KB

.themida
Size: - Virtual size: 5.9MB

.boot
Size: 3.5MB - Virtual size: 3.5MB

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 8KB

.themida
Size: - Virtual size: 6.1MB

.boot
Size: 3.9MB - Virtual size: 3.9MB