61462d7b4032d85b51b6d785cb2af70f[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

61462d7b4032d85b51b6d785cb2af70f.bin
Size

10.2MB
MD5

d9381715d9f4215ffe7b8327ebc5d398
SHA1

9772b9907d0adfa3331bd583801f008b2fd6b260
SHA256

6cbf42fa15c6a600cd780f2ed038278eb73c84f06428bced84bb53fb0438be2d
SHA512

192ea904864b45d62088dbf1fc03f2bab5d16cf6c3cce8621fb880fcde31b1ac0452c0ebbd1e1a14c3c67b20f39fd86448c3fde22e6cf680a990175fc90cba5f
SSDEEP

196608:Cnab790Bf9bGuONTI3suJrtRCAmMJpYmA7oihnm2BDHQKajAfYoTAwk1LEPsm:gaf6zb9WTIJrrrUnmsVSCAwk1LIf

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/f53836fdfbaacfcc52055f87621df784e061e58d3363a7acec1136c994cf6714.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f53836fdfbaacfcc52055f87621df784e061e58d3363a7acec1136c994cf6714.exe

Files

61462d7b4032d85b51b6d785cb2af70f.bin
.zip

Password: infected
f53836fdfbaacfcc52055f87621df784e061e58d3363a7acec1136c994cf6714.exe
.exe windows:6 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 900KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4.0MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 36KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 10B - Virtual size: 369B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 256B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

Size: 900KB - Virtual size: 1.9MB

Size: 4.0MB - Virtual size: 4.8MB

Size: 6KB - Virtual size: 85KB

Size: 36KB - Virtual size: 60KB

Size: 10B - Virtual size: 369B

Size: 256B - Virtual size: 432B

Size: 3KB - Virtual size: 7KB

.imports Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 7.4MB

.boot Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 512B - Virtual size: 4KB

.taggant Size: 8KB - Virtual size: 8KB

.imports
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 7.4MB

.boot
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 512B - Virtual size: 4KB

.taggant
Size: 8KB - Virtual size: 8KB