Forever21Perm11[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Forever21Perm11.exe
Size

5.8MB
MD5

ec7f5f8167ef709b5b5875c789be9f3b
SHA1

d2343a1a91c478aad3f32e4ee63a86533ca65678
SHA256

e2ce7c7a46d9ddaaa654d451738b30ace8f87e7e4a6dbd0dc1ddf963a85c9866
SHA512

09f8bc35c2105245c9b485a3efd3b92311f7c06ddcbc5b73cb32b398811afdd58741bd5c0e6ba26a253b91a18ecb32e2224e6a34956d8f7d51a65243d901006d
SSDEEP

98304:LTjFNxyfneXryNOi3AeUmLCCpxEGj+MY9UaFEEDPGQvZ0xoHzYR86w8PZtc8KKsK:LRyPlhUJkEmbcUaSxoHza9tIKDup

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Forever21Perm11.exe

Files

Forever21Perm11.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 2.2MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 160KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ