666e13fbba5a25efa3db27d50ed52560N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

666e13fbba5a25efa3db27d50ed52560N.exe
Size

2.5MB
MD5

666e13fbba5a25efa3db27d50ed52560
SHA1

c2a21beb9d2a2b6cd636b9895182f64650a01f50
SHA256

eada4fff17ee54626ba1e0c477460dcaba287625e91f8e6348d9bd43d737cd50
SHA512

bce281d6c50ce320939ac1080a1184d11f2e6b1a3ddd1c85a28a57bdc8391e0290bf74c577b1d40874d6dd2bb883c54c4040ce1718361cd8a5a46dc11ef9c775
SSDEEP

49152:PxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyx4:Pxx9NUFkQx753uWuCyyx4

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
666e13fbba5a25efa3db27d50ed52560N.exe

Files

666e13fbba5a25efa3db27d50ed52560N.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 34KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ