656feea079f74b94c31e4ad4fcdb2cb0b6c4f61a861db5084af2857c6a456c47[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

656feea079f74b94c31e4ad4fcdb2cb0b6c4f61a861db5084af2857c6a456c47.exe
Size

8.7MB
MD5

8b8262ee5164a7cad79367a6a7e5d1ad
SHA1

043f4ab26eb710aa336e0cac2868311407d360e4
SHA256

656feea079f74b94c31e4ad4fcdb2cb0b6c4f61a861db5084af2857c6a456c47
SHA512

b92beac1eedacd24e4bd0cf5fd5c1d75be2e59a5ff478e084afdbdc2a6324dd82cced1e0bd5a1df7c7d2abb5be7a83a33a6cdca5298370ef0f9df8ad90be6dc3
SSDEEP

196608:vDA4AqUb+3ahxQgpRdGOWPcwYXJ6Ii+CeaoLP2D+los2o2hT2rkOs:vDA407hxlpmOWPcT5VTCdmuD+DUhmE

Score

10^/10

themida

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

Processes:

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
656feea079f74b94c31e4ad4fcdb2cb0b6c4f61a861db5084af2857c6a456c47.exe

Files

656feea079f74b94c31e4ad4fcdb2cb0b6c4f61a861db5084af2857c6a456c47.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 18KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 9.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 18KB - Virtual size: 35KB

Size: 4KB - Virtual size: 8KB

Size: 2.7MB - Virtual size: 2.7MB

Size: 512B - Virtual size: 408B

Size: 512B - Virtual size: 16B

Size: 512B - Virtual size: 16B

Size: 512B - Virtual size: 848B

Size: 512B - Virtual size: 120B

.idata Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.themida Size: - Virtual size: 9.0MB

.boot Size: 6.0MB - Virtual size: 6.0MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.themida
Size: - Virtual size: 9.0MB

.boot
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 16B - Virtual size: 4KB