51da22344eb88f90613c1260e0767883504220eb087af4051296724170ad0271[.]exe | Triage

Sharing

General

Target

51da22344eb88f90613c1260e0767883504220eb087af4051296724170ad0271.exe
Size

4.5MB
MD5

faeb91bf5a7103468d164959ba3f0974
SHA1

8edb3aa7c02a6d6ef72034906d9ed233ad8de0eb
SHA256

51da22344eb88f90613c1260e0767883504220eb087af4051296724170ad0271
SHA512

09ca0174ab748ae2fd4fbae87ef3bf3d284112b365687abff91da6e3e03a4418e780fefa576ee5df058f50426c9fd3a8a09a6bc5110f2f0b877e8d5b65c8cbbe
SSDEEP

98304:9wNq3cmCLbLxPplbkajaf5I7tcZVu+Fajxkl9L9jmvXBl80VQNrT1e7asbJ:sTLxhlbka+O7tc3FsjxcJSvAYID0J

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
51da22344eb88f90613c1260e0767883504220eb087af4051296724170ad0271.exe

Files

51da22344eb88f90613c1260e0767883504220eb087af4051296724170ad0271.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 18KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 783B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 16B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ