362697c95a1c9964af1ab23ddfc29b04[.]bin | Triage

Sharing

General

Target

362697c95a1c9964af1ab23ddfc29b04.bin
Size

4.1MB
MD5

82e10f630345d4ed1541cd51798727a3
SHA1

142ecdb9590f66681b6e44d63779b0229ea66d92
SHA256

ecfe6fb22dff160829a258b0dc35703846e8eb30bc16e1ce549321736b89b448
SHA512

5f88195d3c6f9dd7cfbe9d50e13b99ba24dbac8ea8cd4ac9294bcbcd5bf760d272c5afaceaa5dd7f37dd538f6419fb0d23f50f763627bab6369506b1e6ece1dc
SSDEEP

98304:LhwSfKFGr6OtN7zTmgPG2exz5cLbanfBJDQk+E9cPZZbK:Lh/LZFo5IanfXDQk+E5

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/7298b43de9d8dc586ce35f452e67b98d234c2b005648ffb7e6a21bea06a8dcb9.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7298b43de9d8dc586ce35f452e67b98d234c2b005648ffb7e6a21bea06a8dcb9.exe

Files

362697c95a1c9964af1ab23ddfc29b04.bin
.zip

Password: infected
7298b43de9d8dc586ce35f452e67b98d234c2b005648ffb7e6a21bea06a8dcb9.exe
.exe windows:6 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 2.4MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 130KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ