PremiumPorn[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PremiumPorn.exe
Size

7.9MB
MD5

2256af30cdc25ea1dbed427cca85f563
SHA1

7080fa2043f5f9b5d8cb73e4dd0fb1689bccaa8e
SHA256

cd32f92bb7396f1d4f2141b07315e9c4aa56400d4b9f775e3bf298c5cdf9e107
SHA512

3298b7bd305ddc90d23e021cab089c3751ca28da753780b1e952ba18e82807a25adf3d24bf4f21de207e0c1c17dc8cd65bf33653bb97c28323a7a1fbf1a2540b
SSDEEP

196608:p+hLDeF/Re4A13vVTYma1AFn0zcjj4OAmbbgWP3Ig2Id:shOBRzA13vqcFvj4qbx3T2

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PremiumPorn.exe

Files

PremiumPorn.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ