8285b379efe5552825be111741d61aff28eefc68ef11f067bf8a38cc9cee7ef8[.]exe | Triage

Sharing

General

Target

8285b379efe5552825be111741d61aff28eefc68ef11f067bf8a38cc9cee7ef8.exe
Size

2.2MB
MD5

f536edc7b6b105f067e73c6f40cad0ea
SHA1

1fa4dd14c1fe42f4237cde48dd5547a86d3811e8
SHA256

8285b379efe5552825be111741d61aff28eefc68ef11f067bf8a38cc9cee7ef8
SHA512

71947eb342815242edb82f9dfaed71a05379ccdfe506a8de026794b69fcdfd1cb1a73e61a038df590e98aacc991886fad252d939cd9aed507b43024eacb5d09e
SSDEEP

49152:3VfFSKW9l8yHfmqM14qSpMMcgBxnXk0PBt3DMno1f+LvwKrI1wZG4plPDH0wULuP:l9D0iyHfmqM14qSpMMcgBxnXk0PBt3D+

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8285b379efe5552825be111741d61aff28eefc68ef11f067bf8a38cc9cee7ef8.exe

Files

8285b379efe5552825be111741d61aff28eefc68ef11f067bf8a38cc9cee7ef8.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ