python-3[.]12[.]3-amd64_protected[.]exe | Triage

Sharing

General

Target

python-3.12.3-amd64_protected.exe
Size

8.6MB
MD5

328626049b23e7d5fbe12f9503853d53
SHA1

402ca69107944196f421a16ce3be363a0f4e991c
SHA256

96eb67eaf4d600885d149701f7b720f004a1646775a179e77e8706762405e921
SHA512

5425ef358018a66977e711bfa2a794c725bd153df5989cae52419115c981ce94cc15b6ae826c42d786aa3363151d9c051ae53407ab5e07fcc7365ef054b03c91
SSDEEP

196608:VGjSZs4BJq1Ey1FJrMwM/RAWOY+3uWjNyWte7c:VXZsI0F5MYYjWjM7c

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

python-3.12.3-amd64_protected.exe

Files

python-3.12.3-amd64_protected.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.2MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 11.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ