498e1dcce8dcb7accf833894ea2abc6e6c85bfbcfce4b740170f55792dbe2583 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

498e1dcce8dcb7accf833894ea2abc6e6c85bfbcfce4b740170f55792dbe2583
Size

14.4MB
MD5

83afc3449ec1062404cb10057df83eb5
SHA1

c32eb0135739926c6d9b7ff3eb5203d107f0f997
SHA256

498e1dcce8dcb7accf833894ea2abc6e6c85bfbcfce4b740170f55792dbe2583
SHA512

12e8670a1fb9f0d415d87336cb625a03efd9c4f492934632e3ede3f9ff78536343b74921ed33d523de54c7d3429115bae29c478d43648979cdb062c86b40d997
SSDEEP

393216:wLW/TCm+iBEfMqiFW+H0h+C+tPNfMHoEvvL9uLrF4pLiX+qKVD:l/Wm+iOEXH08PPJWBXXZP

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
498e1dcce8dcb7accf833894ea2abc6e6c85bfbcfce4b740170f55792dbe2583

Files

498e1dcce8dcb7accf833894ea2abc6e6c85bfbcfce4b740170f55792dbe2583
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 817KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 887KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 78KB - Virtual size: 630KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 19.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 12.6MB - Virtual size: 12.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ