4bb8a2bcc007cc041fe3c03c25453920N[.]exe | Triage

Sharing

General

Target

4bb8a2bcc007cc041fe3c03c25453920N.exe
Size

3.5MB
MD5

4bb8a2bcc007cc041fe3c03c25453920
SHA1

e922394a6f90243985b305efb9e4caed04483d40
SHA256

9b90f637ef1988d0b812882cc1455f1ca87b8eef2017d92ec438734b02eebe36
SHA512

40cc3a02511bd4b899824aeb70867218220f7797e100daf625b364f899ec3c58d8c129fe0b17c445683e0968beb5abc25262707fa074f9ef85b26da31cb7cddd
SSDEEP

49152:k9bxPRDP0fHuNSeZUZzWHehOQ1750lGurq4bx67oICjhTLCUA/bIHvWdW9dX8dvz:m5Rjb1Zc/hOQkvq407ozFmAeW9Wvz

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bb8a2bcc007cc041fe3c03c25453920N.exe

Files

4bb8a2bcc007cc041fe3c03c25453920N.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 89KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ