a708486b10e2f255431e30ae48d45f87[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

a708486b10e2f255431e30ae48d45f87.bin
Size

20.1MB
MD5

a708486b10e2f255431e30ae48d45f87
SHA1

fdc20ee30f9ed932832ec7a977c35d177446a449
SHA256

0d91dbb000b20c50058e75f056d4786b937db184d447bb498de7a0b47cf8168e
SHA512

27e9b474496e45b1bb66c27c971a09f8a3947c12f522246b974339973522579724d0e90f20a1d64ce736cab1f88a4746455ac77cff255498eb209e276e283e7c
SSDEEP

393216:UoRhM+Z/P4p1IEyfgME4aiYhofvnm5fg0VRPDbNJZv4aum3da6:UyltPyCoMEJi8oXOrD5bNl

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a708486b10e2f255431e30ae48d45f87.bin

Files

a708486b10e2f255431e30ae48d45f87.bin
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

qt_startup_hook

Sections

Size: 6.0MB - Virtual size: 12.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1.6MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 27KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 584KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3.4MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4.0MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 6.0MB - Virtual size: 12.9MB

Size: 1.6MB - Virtual size: 4.0MB

Size: 27KB - Virtual size: 255KB

Size: 584KB - Virtual size: 584KB

Size: 332KB - Virtual size: 331KB

Size: 512B - Virtual size: 292B

Size: 3.4MB - Virtual size: 3.9MB

Size: 3KB - Virtual size: 6KB

Size: 4.0MB - Virtual size: 4.6MB

Size: 2KB - Virtual size: 5KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 5KB

.themida Size: - Virtual size: 7.2MB

.boot Size: 4.2MB - Virtual size: 4.2MB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 5KB

.themida
Size: - Virtual size: 7.2MB

.boot
Size: 4.2MB - Virtual size: 4.2MB