af28c04f796374b21521aeb2ea9c9c12b6f468d58ebe306838836dc5d9f16f8f

General

Target

af28c04f796374b21521aeb2ea9c9c12b6f468d58ebe306838836dc5d9f16f8f
Size

21.3MB
MD5

d3e62cc6b4fdba014b6ae717e9aba0fa
SHA1

a890d1cf1b3706ad88ea1adb327d6eeb3cf960e0
SHA256

af28c04f796374b21521aeb2ea9c9c12b6f468d58ebe306838836dc5d9f16f8f
SHA512

b5921fe2ef3df42ae50d8e0a65ddabd91a1a15354e2daff5acfb25896d476b94c47a2412b30a7649212fd4ade8cc46d2c937149bf3bce3a89007aed83d9664f6
SSDEEP

393216:yIXDljvF01ZSCH0P2HLmkEpTnMbHfKZ6VWGRm/cwtv3HJsIZ05mvl0jTp6ZvY4cy:/N0ni26kME/KZ6VWGRmkwtP6cmmtq2vN

Score

7^/10

themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

Processes:

resource	yara_rule
static1/unpack001/72e1fc6da0a5cfca80413b8b24a880b0688908264971cfedaf079ee52ce4d850.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/72e1fc6da0a5cfca80413b8b24a880b0688908264971cfedaf079ee52ce4d850.exe

af28c04f796374b21521aeb2ea9c9c12b6f468d58ebe306838836dc5d9f16f8f
.zip

Password: infected
72e1fc6da0a5cfca80413b8b24a880b0688908264971cfedaf079ee52ce4d850.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 18.0MB - Virtual size: 18.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ