9f29c77a2e2ea12feeb3d42e6389eb30N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9f29c77a2e2ea12feeb3d42e6389eb30N.exe
Size

6.8MB
MD5

9f29c77a2e2ea12feeb3d42e6389eb30
SHA1

928415ec0d12ee0e209f01a14f472fe8c780811e
SHA256

7fb5890ce4c3a679ce627edf0d4b807294690b310589a214cc04b04296fe0da0
SHA512

14d12c9bb18a4f5742d2d7e53704f8114b3207a0b4a1df21a3213bea72f39db7b2b90ef5756599e56023ab0d00619755d11526242642d4f0e7aae59d568e33ad
SSDEEP

98304:FvoXTz1gTu+aLD/vG4khBt61MVuKM+cacTIGt8YvtMN0/K4Q2GdGekAnfN4MXU1n:mXTz1ga+aXtja2t8YqF2GuEfOMXU1n

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9f29c77a2e2ea12feeb3d42e6389eb30N.exe

Files

9f29c77a2e2ea12feeb3d42e6389eb30N.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 640KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 96KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 191KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 41KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ