a35bfc949c4270060ad50f814d1df5080b8a3a9c3fb0fd40467d15adb94f343f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a35bfc949c4270060ad50f814d1df5080b8a3a9c3fb0fd40467d15adb94f343f
Size

6.1MB
MD5

2293b96ac0a996ebe599bfc33a277ce1
SHA1

18827fdba6bce3c757dbbc0d6c40d8d8666fa98f
SHA256

a35bfc949c4270060ad50f814d1df5080b8a3a9c3fb0fd40467d15adb94f343f
SHA512

9b22f2d06093d3873046ac00604682ae0dcd597a0e30d79927ac23290f19583d3b6ae4c66ac07e80e33b99b758a6f87d9662e3af82e6076995c696d75d2b5614
SSDEEP

98304:Xyruckr5I0kJnaeprKq+RN5mt65kqzfBnSgZ2l9eWPxp+xjtjUbQ/7KU9pxBT:iSrKZnaEG5pkq7BnqJxp+VabQ/dv1

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a35bfc949c4270060ad50f814d1df5080b8a3a9c3fb0fd40467d15adb94f343f

Files

a35bfc949c4270060ad50f814d1df5080b8a3a9c3fb0fd40467d15adb94f343f
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 936KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2.5MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 40KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 13KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 991B - Virtual size: 939B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ