Loader_protected[.]exe | Triage

Resubmissions

19/09/2024, 20:11

240919-yyl6raydnr 9

Sharing

Copy URL Twitter E-mail

General

Target

Loader_protected.exe
Size

8.8MB
MD5

1dd65b213b477a1ee925759a6a79212c
SHA1

940a465afe9b8cb15b5a30f3ad601e6290fada8f
SHA256

0d70a6ac741facb2fe2093b31ef065603f568803d00f693d9e349e4400676b1a
SHA512

e4c41a1b754ed3239d01d3d481d6fddac25d6f02b23b8c4eb1f75987f07121f347255acc9a56dd9a7f0cfdd757acfa83f8bbdd7b84f80475822c2cbc267089c2
SSDEEP

196608:MeaiaI8hYRyjuKs/j31zIgPPXfLut9BgQeHXbb5XWEnBIh:MYaRYRKu73JrXTO9+hXHxTB

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Loader_protected.exe

Files

Loader_protected.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 22KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 12.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ