e014f2cb243df6f3fe6ac5119caed9db8997e25cdd565eecb6a5d809b46a2db1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e014f2cb243df6f3fe6ac5119caed9db8997e25cdd565eecb6a5d809b46a2db1
Size

5.3MB
MD5

a01c035bca9e1659ecc32c8c7373f0f6
SHA1

d26b6cf6591e0782101909c28a67150d56c3e654
SHA256

e014f2cb243df6f3fe6ac5119caed9db8997e25cdd565eecb6a5d809b46a2db1
SHA512

d96fe312c912778b7bb6439e1cce183e53e3adb53efcbfa7e0343e3546ba272e70159b5246f484486cd76012a48c123978b91ae71e6dd22ae06ae66f0084a38d
SSDEEP

98304:sUcpaO8GMgkOEV6PFpTUN8iGnOJfhU3wZnkU9xgtqQUR0jt9iWCoOXm9:sXheZV6PTTU4RwkUQVyDoUK

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e014f2cb243df6f3fe6ac5119caed9db8997e25cdd565eecb6a5d809b46a2db1

Files

e014f2cb243df6f3fe6ac5119caed9db8997e25cdd565eecb6a5d809b46a2db1
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 98KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 38KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 51KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
keylogger.pyc