malware[.]bin | Triage

Sharing

General

Target

malware.bin
Size

4.7MB
MD5

cf3498a5b7087f12b97f746c644bb60a
SHA1

bcb7c90fac1b84c891d54742efc3db9b64b59f94
SHA256

1469af0195b28f87817548a6063a5dd062ab2d0fd77a20b749625ccef01e292f
SHA512

8df02ec2f8aa5ff2da094adaead7c23e158f93db31d3d9ac423ec882c5a26704905f1459b917a97f00a9938092ccc35976d26e6ffab8b5f804c473bebac65254
SSDEEP

98304:WS5vaHahdYUk2TjtDRtVqDRpDv7hl+1jLPtVeNr3b:WP6Y21DRTqDb7GRVeNr3b

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

malware.bin

Files

malware.bin
.exe windows:4 windows x64 arch:x64

Password: skibiditoiletrizzler

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 29KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ