8df9f7743024becf75a5e60a62150a30e9b412b3194b6c3c845ff4000c6f8bc1 | Triage

Sharing

General

Target

8df9f7743024becf75a5e60a62150a30e9b412b3194b6c3c845ff4000c6f8bc1
Size

7.3MB
MD5

5b39da89cef02591bdfc96eed43e34b6
SHA1

c2c1842873833a9b98adf4c9bdc334f663246678
SHA256

8df9f7743024becf75a5e60a62150a30e9b412b3194b6c3c845ff4000c6f8bc1
SHA512

4ca2178b4fda5c5c8e97b9dad698dd7e28e649cdbed2fef6004c00342e48b9705ac7cf6c6fba42db009ab95b87717dcfaf6517e4a65a32b60b5de5d842cd3b0e
SSDEEP

196608:jrb05sUTRv8hGEn/nqh9tJgSWJtjr5Je9C:js5sUBWnniVvWvjr5Je9C

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8df9f7743024becf75a5e60a62150a30e9b412b3194b6c3c845ff4000c6f8bc1

Files

8df9f7743024becf75a5e60a62150a30e9b412b3194b6c3c845ff4000c6f8bc1
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 408KB - Virtual size: 959KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4.1MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 24KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 68KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ