Update Check[.]exe | Triage

Sharing

General

Target

Update Check.exe
Size

4.2MB
MD5

d53d1f00ed58f99f59822c2d2d544010
SHA1

0b7044e63ad051185cdfac92e23ce85af8faa9c8
SHA256

58638ff7af545a8ddf3d05ec44b916de2f6e5e3a3d9ed1d9ac95c43737b3d974
SHA512

4fe5428921a60bd4fdb5f91a4a0e35d6656f14071a2841a254523e04608cc89b79662b538e5f34aa157540fd87efd98a34be8bf662e2f5ed94abd85fc3f3b9e8
SSDEEP

98304:SelujKJAy3ppt06bZmCOHDujxBJSjMgL3+ylLGEeU4uz1P9zz9Izjhed:SZ1yZpt06NmPjuBYAAOylLGEeRy9zz9r

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Update Check.exe

Files

Update Check.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 26KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 650B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ