6acd081ddf2683294dc75bb6eecd6bad5480d822b425043f245daab1970a93d0[.]zip

General

Target

6acd081ddf2683294dc75bb6eecd6bad5480d822b425043f245daab1970a93d0.zip
Size

8.7MB
MD5

177a868778ea56c79ee409c979e1f276
SHA1

2776d3294be91cc252ed5cbe7d699b24f2e418af
SHA256

2fd280ab8f9ef860843debfda9842c445df48ead601bb92c611b884a04fea202
SHA512

f06dd2f7de7cd7e3d4992919eea8ebc8f351ff354c79056532e30a17b2c66085be3791201748a2191451da9e9a6b1119c8f5f011af08c5f8ece6a062787affa8
SSDEEP

196608:wGLkGWgLsspzfYRp/kRtPdjGp8gx9iZJL/c4Q0IVXk4x/A+PRidly5zvj/z:dOAg4zPdip8Sivc4Q0IVXFx/AGyl0vf

Score

7^/10

themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

Processes:

resource	yara_rule
static1/unpack001/6acd081ddf2683294dc75bb6eecd6bad5480d822b425043f245daab1970a93d0.exe	themida

6acd081ddf2683294dc75bb6eecd6bad5480d822b425043f245daab1970a93d0.zip
.zip

Password: infected
6acd081ddf2683294dc75bb6eecd6bad5480d822b425043f245daab1970a93d0.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 335KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 30KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ