776ec634711e1b650095e00ccefae3e5c78acf2a5201f90372ed5eb34bac203c[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

776ec634711e1b650095e00ccefae3e5c78acf2a5201f90372ed5eb34bac203c.exe
Size

1.9MB
MD5

45fca8a3ca39936bdd86efc4ce4e1992
SHA1

c81919c68d2fd294bddb265686259934b686be42
SHA256

776ec634711e1b650095e00ccefae3e5c78acf2a5201f90372ed5eb34bac203c
SHA512

3450c1053e6837a2654a80b195abb6af36079d38e3fc646069c30acda288557c6a868b2a3826e022e30e30c843d610a8b54089f20b1245da9a1f8b03499638d0
SSDEEP

49152:MbgGuB/JFKjspISjvgUUvn4E19oh3l8OvPEHl:MzuKIp3Q/4W6oOvsHl

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
776ec634711e1b650095e00ccefae3e5c78acf2a5201f90372ed5eb34bac203c.exe

Files

776ec634711e1b650095e00ccefae3e5c78acf2a5201f90372ed5eb34bac203c.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 84KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 26KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 684B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 580B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ