MTA SA V5[.]2 BRQNHOO[.]exe | Triage

Sharing

General

Target

MTA SA V5.2 BRQNHOO.exe
Size

3.7MB
MD5

059f53d754044d3eb12c33e91f5ac537
SHA1

ed1002b1c35a918edfcadf66d3609ddcc3ac8e34
SHA256

da4159dc610655677daaa93c89c3b6fca81a6fce7ece6d9b12a2ad10d2f096a5
SHA512

bc4aa5dc76f0c591a9e6fcd3449a04c1ef6338defd41c509f4a03f850ce48d553cce46084074e28a9aea8fbd2b5b2a3133e32d3b87c0b330513545bc3fae2289
SSDEEP

98304:cCVAuYXDUXVYeYV3DY0bgB/UwcpQg+ibVe:cNVUlYeYDRopcpP+i

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MTA SA V5.2 BRQNHOO.exe

Files

MTA SA V5.2 BRQNHOO.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 47KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 118KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ