baf5a4bf6c381744dc9a40d485be3011325c23c4cd57595e7f5289bd9e29ec66 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

baf5a4bf6c381744dc9a40d485be3011325c23c4cd57595e7f5289bd9e29ec66
Size

9.3MB
MD5

141898db5ee60e7fff6d70cc3b5c6d53
SHA1

96589180428073b59474688e4d3aae44b600633a
SHA256

baf5a4bf6c381744dc9a40d485be3011325c23c4cd57595e7f5289bd9e29ec66
SHA512

56752ab5c150c4e7e8d51f288d01f18aac5be32ff70b2e38cfef3e2f7a6936e2e372eb84f25085cf963b3d1f80ead8b5d132fae407216c48f9a6c8869c4c3c4c
SSDEEP

196608:tEY7BiB/cwnZi8EEHnZBU97W1bxPPXA3Z3alR9k:77YRiEHTU9Yx0Z3aq

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
baf5a4bf6c381744dc9a40d485be3011325c23c4cd57595e7f5289bd9e29ec66

Files

baf5a4bf6c381744dc9a40d485be3011325c23c4cd57595e7f5289bd9e29ec66
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 2.6MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 522KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 20KB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 11KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 56KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 170KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ