f5dbc25b8dfe2478849edbab930537d4d834f7ce1794593506134a2c9e368174 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5dbc25b8dfe2478849edbab930537d4d834f7ce1794593506134a2c9e368174
Size

3.1MB
MD5

412ce33558911daa1d0e60fdbfeac74c
SHA1

bc065dad4913cb0b1364a3e3e6de819cc431647e
SHA256

f5dbc25b8dfe2478849edbab930537d4d834f7ce1794593506134a2c9e368174
SHA512

ecdf97d8792622b0d767772ebfd166674bfbefec8427fcf3f845fdeb574082b6da53c32a1b16b05f5de4a42d6a00528e49a7dd90a2e32a8038ae45ccd04d6ee3
SSDEEP

49152:3t1qm0HiLoCWhEuKuYB3WmBfBYjKzdC0jMLdidYejao16Q29hBQVwZjSF+Jn:9B04oCWhdfyBddCNLdidtv6Q29hCV4x

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5dbc25b8dfe2478849edbab930537d4d834f7ce1794593506134a2c9e368174

Files

f5dbc25b8dfe2478849edbab930537d4d834f7ce1794593506134a2c9e368174
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 272KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 24KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 204KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ