d3919ee38d414995b5d77f76c9491b60N[.]exe | Triage

Sharing

General

Target

d3919ee38d414995b5d77f76c9491b60N.exe
Size

472KB
MD5

d3919ee38d414995b5d77f76c9491b60
SHA1

364e9d763ac8c80efd6c84b9d44dcf7e79c88f7b
SHA256

5e84bae5696d65f852746a39416bbf77e4af9c42562c9b945e49fb79d7f36e27
SHA512

904630adf00fad47f145964b4823dc843cb0430a55143f02d41130e05ed86e9233871c09a1cb1a242cac3242ed21e82c6398b2a2c5f85c9333093e2141893969
SSDEEP

12288:7pxiviXZ2egclzBK6BJZpWskPhIMjluC61XAnc:txlXZ2egcbK6BlWlhxaH

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
d3919ee38d414995b5d77f76c9491b60N.exe

Files

d3919ee38d414995b5d77f76c9491b60N.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ