ModMenu[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ModMenu.exe
Size

7.6MB
MD5

72e9058f566de06c98d2d843c703b957
SHA1

60849a54d182404d5facecdf5b8e2ba3caa63fff
SHA256

d33b0bd0a76242194457b332b0e825d2242c45d69f9f555dbe994b1aef45fe21
SHA512

c2bb73c2f2d6f0bc1bd0dd476ecd1fbf98cc93c3f5a2554590db94bf782d45953a574e93e75d3e0e90254fc495dfb9b1c3473b170129d712a1fafd0b9ea34581
SSDEEP

196608:H8sS9dNHISnkGwNCh9UweuMpTvMULZwRjgW4BIhJUBQAg:cscpISnkGwNCh96uMpgz4BIhJUQ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

ModMenu.exe
.exe windows:4 windows x64 arch:x64

Code Sign

07:d9:75:98:60:2b:9d:83:57:a2:b8:96:01:bf:e2:5b
Certificate

Issuer

CN=Amazon,OU=Server CA 1B,O=Amazon,C=US

Not Before

25/10/2021, 00:00

Not After

22/11/2022, 23:59

Subject

CN=epicgames.com

58:c5:e8:0e:99:3b:97:a4:ea:1a:bd:bc:ea:c4:12:26:af:d0:2a:78
Signer

Actual PE Digest

58:c5:e8:0e:99:3b:97:a4:ea:1a:bd:bc:ea:c4:12:26:af:d0:2a:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.init
Size: 178B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

07:d9:75:98:60:2b:9d:83:57:a2:b8:96:01:bf:e2:5bCertificate

58:c5:e8:0e:99:3b:97:a4:ea:1a:bd:bc:ea:c4:12:26:af:d0:2a:78Signer

Headers

File Characteristics

Sections

Size: 2KB - Virtual size: 3KB

Size: 4.4MB - Virtual size: 4.4MB

.bss Size: - Virtual size: 3KB

Size: 512B - Virtual size: 144B

Size: 20KB - Virtual size: 20KB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 27KB - Virtual size: 27KB

.themida Size: - Virtual size: 4.5MB

.boot Size: 3.2MB - Virtual size: 3.2MB

.init Size: 178B - Virtual size: 512B

07:d9:75:98:60:2b:9d:83:57:a2:b8:96:01:bf:e2:5b
Certificate

58:c5:e8:0e:99:3b:97:a4:ea:1a:bd:bc:ea:c4:12:26:af:d0:2a:78
Signer

.bss
Size: - Virtual size: 3KB

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 27KB - Virtual size: 27KB

.themida
Size: - Virtual size: 4.5MB

.boot
Size: 3.2MB - Virtual size: 3.2MB

.init
Size: 178B - Virtual size: 512B