c1486f7d6f4eb24a73a36a0a6740ad29011ca0b958a5a88197593a2538f65829[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

c1486f7d6f4eb24a73a36a0a6740ad29011ca0b958a5a88197593a2538f65829.exe
Size

8.1MB
MD5

64e3bea4a36f3eb721e499c0a4bb1b6a
SHA1

7713111224ddef1e7f4ca81f1f8229cadbed446b
SHA256

c1486f7d6f4eb24a73a36a0a6740ad29011ca0b958a5a88197593a2538f65829
SHA512

5bc21cfb2ef6174c96a5d9d8ed9ad8ace80450bfd7d15927ca6be898b3276f74c4a53b90a3d503e46ad251696d9c42cd4e25d593f70f7b483c0aa511c99b611f
SSDEEP

196608:5SYDx1MlmD5Mrs5O+g2J9cTVZhsPGCH5N+b6c9Zpsn:8mxSlw5MrMOqJ9SOT5S6cVs

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1486f7d6f4eb24a73a36a0a6740ad29011ca0b958a5a88197593a2538f65829.exe

Files

c1486f7d6f4eb24a73a36a0a6740ad29011ca0b958a5a88197593a2538f65829.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 27KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 5.1MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 266B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 16B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 366B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 105B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 27KB - Virtual size: 67KB

Size: 4KB - Virtual size: 10KB

Size: 5.1MB - Virtual size: 6.8MB

Size: 266B - Virtual size: 408B

Size: 16B - Virtual size: 16B

Size: 6B - Virtual size: 16B

Size: 366B - Virtual size: 848B

Size: 105B - Virtual size: 120B

.imports Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.themida Size: - Virtual size: 5.3MB

.boot Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 16B - Virtual size: 4KB

.imports
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.themida
Size: - Virtual size: 5.3MB

.boot
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 16B - Virtual size: 4KB