4c4ad3168ff823c050f984b5e2c69810N[.]exe | Triage

Sharing

General

Target

4c4ad3168ff823c050f984b5e2c69810N.exe
Size

2.5MB
MD5

4c4ad3168ff823c050f984b5e2c69810
SHA1

5e802e2f209c9f19c2fd8b7d5094317bad4cdb29
SHA256

d8b6e5f27f7c466653896bc2e66519e3f3c358d0e715ebdc30f132cfe01f5891
SHA512

4477b36dbfbccc5aaa96a8bec3a159339251dbd22141e899aa4e1f7b58c8d89b7d44a52c6d1e7b38eba7ff91882cda73f8a6087df672370d2d9038de8836a237
SSDEEP

49152:JxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxR:Jxx9NUFkQx753uWuCyyxR

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c4ad3168ff823c050f984b5e2c69810N.exe

Files

4c4ad3168ff823c050f984b5e2c69810N.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 34KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ