1d8ab72d309f42c943a95baebf7900ad[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1d8ab72d309f42c943a95baebf7900ad.bin
Size

1.7MB
MD5

1d8ab72d309f42c943a95baebf7900ad
SHA1

646f221f65f035e95366fd7b2294fc9c7ed01648
SHA256

e23991286435416660781c6cd4a60c29573d316ee53e1fbe8794c14dbf995290
SHA512

1db590fe4d6139b51158d233bf6bf3d46d00434d29cba85f0db55c3af1184e329f17c74543510e5a7a3be8836f072ca7a2255a6f4cc682e966a466c9029e7211
SSDEEP

49152:iTq4/Mz/31n0zcAvLUj1AfzoFaiKuslw1bXqhJQMgE:i4ZgzvLU/ap+1biJfgE

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d8ab72d309f42c943a95baebf7900ad.bin

Files

1d8ab72d309f42c943a95baebf7900ad.bin
.exe windows:1 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Sections

Size: 256KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE