9c4d6d66dcef74f4a6ce82369830a4df914becd7eb543bdcc5d339b7b3db254b[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

9c4d6d66dcef74f4a6ce82369830a4df914becd7eb543bdcc5d339b7b3db254b.exe
Size

12.6MB
MD5

dcc89dc902dbd986d31e1daa11984a92
SHA1

70ccec2f468fc2015094b5479a5bffb83ad46dce
SHA256

9c4d6d66dcef74f4a6ce82369830a4df914becd7eb543bdcc5d339b7b3db254b
SHA512

ac0ba533efe438aa36e5e59d2a05157ce0a48b87a2ad221d3b7d70075d1105258b9867918e294e4d275649d69b345552cd8827307874d64f53c0371a14a86df9
SSDEEP

196608:te8dljOTN7oL8MxYDrbFgIQCJU4bhqqahOYXzXjVRkhO7jwDVhxsNU7Jt5ehcCqh:5aJ7Ixk3RJU4Qqa9jVi7JhuNUJl

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c4d6d66dcef74f4a6ce82369830a4df914becd7eb543bdcc5d339b7b3db254b.exe

Files

9c4d6d66dcef74f4a6ce82369830a4df914becd7eb543bdcc5d339b7b3db254b.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 1.4MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1.4MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 444KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 99B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 7B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 15.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 1.4MB - Virtual size: 3.5MB

Size: 1.4MB - Virtual size: 3.5MB

Size: 444KB - Virtual size: 1.4MB

Size: 99B - Virtual size: 1KB

Size: 16KB - Virtual size: 72KB

Size: 7B - Virtual size: 4B

.imports Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 15.2MB

.boot Size: 9.4MB - Virtual size: 9.4MB

.taggant Size: 8KB - Virtual size: 8KB

.imports
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 15.2MB

.boot
Size: 9.4MB - Virtual size: 9.4MB

.taggant
Size: 8KB - Virtual size: 8KB