无害_protected[.]exe | Triage

Sharing

General

Target

无害_protected.exe
Size

6.4MB
MD5

617d7e84ac9e7c4cbedba55ced5bb5a2
SHA1

2d9b72a58083cd74f4bd807d01cf184d65f07af7
SHA256

d034874dfb3d1ee5a2a8c7cff1959c9a02c5b3c812e9dba87690faee7a5205fa
SHA512

4dfe2970dc80d6f7bcbfa224403b688c6d01f5d72c898e601da95f1189b81451dac51d55842348286dd28c2058748eb3ed28c4ad0a60cf472c3ed71867fdea2e
SSDEEP

98304:NL3DiZ2oVX3iK62RPbT14vInBQ1kyToUa+iXX+XlkUiYFH//yfpoG87UeibVcgl:N822bzuvIngkyTdS+XQYp/Spn879Lg

Score

7^/10

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

无害_protected.exe

Files

无害_protected.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 63KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ