3a0ab5c065a213ec77176d5a29720d5b7254a89625b6caa53507c8456f0be456[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a0ab5c065a213ec77176d5a29720d5b7254a89625b6caa53507c8456f0be456.exe
Size

6.2MB
MD5

a6f124515524bab5cabd4e749df9770f
SHA1

b1929abb6f538c636bf4210a173678bde64614c7
SHA256

3a0ab5c065a213ec77176d5a29720d5b7254a89625b6caa53507c8456f0be456
SHA512

e8c48ba0087460ccf5da71bdbec440c3dd2b260913552a332ef3c3c22a5e294672b3b1cb4f77db612b97e96d5f27e16f8e7190571c96db4efbacdf3256e3043f
SSDEEP

98304:vk5b0H4+DGmnxx8g8Noib+Ug1E4fKcHzLBsbGsLlyndn8S1ad3dWpELfxl6:vNHJx8Wib1gY+zuPLMdb143dWObv6

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a0ab5c065a213ec77176d5a29720d5b7254a89625b6caa53507c8456f0be456.exe

Files

3a0ab5c065a213ec77176d5a29720d5b7254a89625b6caa53507c8456f0be456.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 828KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 226KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 44KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ