ven_protected[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ven_protected.exe
Size

6.1MB
MD5

d0dd63b98bf3d7e52600b304cdf3c174
SHA1

06c811a4dc2470950af1caeaa27fcc0d4f96ff6b
SHA256

023f2601d314d0fc9bd5a6992d33194ae1c71a559ac3c132406f2e0b88cd83d2
SHA512

15ebdd43e810a1c13d6daa94a4901415106a0eb5843569b6c74e47e7879d7b32605c72cedd54742d95d6eab03f41658f9db197f283a6765aed5d194a4c8bb529
SSDEEP

98304:IN5yA1a7c5z8Rlj3GmWEjH/XfxYzLgKK8o0wu1OudrlKv7G1Q6:ysN7HjPigKZpw+07G1b

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ven_protected.exe

Files

ven_protected.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Size: 33KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE