fdf378efa5749387f813c8a3de2d1e964a9eda5a509cf5c4996980d7af5badef[.]exe | Triage

Sharing

General

Target

fdf378efa5749387f813c8a3de2d1e964a9eda5a509cf5c4996980d7af5badef.exe
Size

3.4MB
MD5

08babe47a702361d04e2ada7c02b00cd
SHA1

f2b3d863dfd2046acda704948c5f1402abefe66c
SHA256

fdf378efa5749387f813c8a3de2d1e964a9eda5a509cf5c4996980d7af5badef
SHA512

f5af9a0fdd9c44c8d18435348942d0138fb34875d1038f15623fbdbebe95d5f87485d8c31abbcacf939f198091adcf70b180a3388154afebec67bd5e1b50ff5f
SSDEEP

49152:6tKSwRhZ2eDztBs9LE1zsvDc3aRtT/coRAmpsMQHBaGxx9EfaaIPl9PVnZbZWhzc:xR1W9ozScacvdx/aIXPVnZCKwrb+

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

Processes:

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
fdf378efa5749387f813c8a3de2d1e964a9eda5a509cf5c4996980d7af5badef.exe

Files

fdf378efa5749387f813c8a3de2d1e964a9eda5a509cf5c4996980d7af5badef.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 167KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 30KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 100KB - Virtual size: 603KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ