Client_protected[.]exe | Triage

Sharing

General

Target

Client_protected.exe
Size

6.5MB
MD5

19574d1c471ceaa99d0d05321e7beba4
SHA1

9c192eee06421e8a557b0afe0355545bae5366e6
SHA256

df606ef08b80c10d12a7372505f51e2641b263ded0280edcaf9085e7419b5f3e
SHA512

b73a16cd6f529cb8688b96f7039cfbca49c191b32b2240b56681125a4f8f63ceb625ae0077d1a845319f1a035524f314c95c3ef259cc7d284d7b557460db3244
SSDEEP

98304:ytpOyr9VNf1P2tLnkJfA5Wmon5miZlE5aJ4aoAqq1k4MjNU+3:Z+jZ+5NgFbMy4

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Client_protected.exe

Files

Client_protected.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Size: 33KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE