LisectAVT_2403002A_145[.]exe | Triage

Sharing

General

Target

LisectAVT_2403002A_145.exe
Size

3.4MB
MD5

c63208edec9ea3fedce69f7f480d5e85
SHA1

43baa246c4a64c05ab10e2f6599c2872c90dca34
SHA256

7511c1d5674a64f3420a0e4cdc20ea081e60ef5caaba1a1fcbcb47bf8dc3c44c
SHA512

09b5e2ef9eefa917eff3c8e38e7313f4605f3c20c6be763cef484ba964e1592d43586436e97b0f91e0ea4e3980503180a7d8353da73c525c5267a4bef1c8ea63
SSDEEP

98304:o0coz/i2vMi9g9i/LJFiFz0ssXKIthTuUcoOSVJnEt:o0cE5v19gGLJ0FzIXKmhOfUJs

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
LisectAVT_2403002A_145.exe

Files

LisectAVT_2403002A_145.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Size: 34KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ