SilverClient_protected[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SilverClient_protected.exe
Size

4.6MB
MD5

8fa812cc02e5d648f2d60a1f1eeb8727
SHA1

4e4eed1232412064b2b01a493a2908fd8da2b808
SHA256

f040d0e0a5f3245d077d655f7e41946ae36d9d4802d78409bf918767470df327
SHA512

a68bca5499b7174f1fe204a2cec4750b2d2fb762746b2d086520f9106af4214c9662d8f3f22a6d3a6c0f01d725b49a83735d8eb71a97fdf79ed06f8557c060bd
SSDEEP

98304:1SkIYhbs9wH/oztYaU5SZOUFZREl3Y4NsJfPVMZWaD9hOloObpO4dgYktD:EOywoYafZO4ZR2MnzaD9Kon4dg

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SilverClient_protected.exe

Files

SilverClient_protected.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ