1d17d05213956ef8f0e8aff92a7ba9f0N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1d17d05213956ef8f0e8aff92a7ba9f0N.exe
Size

3.7MB
MD5

1d17d05213956ef8f0e8aff92a7ba9f0
SHA1

2090ef288423936cad0c542b864c79bb51669f42
SHA256

4fb0551844606b655f3e4406a0a64734134a66574916782b41ee16fe959983c5
SHA512

dbe7e9ecda400042f78f892e4e72ad635c4de6021551e98d59df9530520f5e50bb0297283e1029edff2b5c84cb9840df0eef3dfab26ddd014d79439ded4fd415
SSDEEP

98304:06fE9JjxicOLFmbi1Xf0jU34RwYzKnv0:0BNiHmbQv+U34Rl+nc

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d17d05213956ef8f0e8aff92a7ba9f0N.exe

Files

1d17d05213956ef8f0e8aff92a7ba9f0N.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1009KB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 87KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 38KB - Virtual size: 23.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 19KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ