e016a623d21399e3b17f7380660030157b67a989b8b56aa9b066bffe4d5077d0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e016a623d21399e3b17f7380660030157b67a989b8b56aa9b066bffe4d5077d0
Size

1.0MB
MD5

7cb40cc1239d16de808c7fe3dd26a72b
SHA1

d92c5dfcbdb062f76245658a875adcd0ff0d5686
SHA256

e016a623d21399e3b17f7380660030157b67a989b8b56aa9b066bffe4d5077d0
SHA512

7cbf1de46d18de6608d58644e22e04b3c8f9b410467a9ce70239f787844941d49561f088128c828ffbb6b3edb6f156a5fd0140e6fe25bc9e0051923d4ec35e87
SSDEEP

24576:W1NCX6CueLxZntZ+MJlyYl/Or2uOj0wLXb4z2deG2/kzp8xqWR:W1ot5lSiFLXi2YXMBU

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/Assistant.exe	themida

Files

e016a623d21399e3b17f7380660030157b67a989b8b56aa9b066bffe4d5077d0
.rar
Assistant.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 292KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 637KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE