b8eb24fe5a3d034ef08f406c6989f50c24be81c99e84aa3917abd19248d20cf8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b8eb24fe5a3d034ef08f406c6989f50c24be81c99e84aa3917abd19248d20cf8
Size

6.4MB
MD5

d3049d489a3cfef3cdd21899c6ae0e4a
SHA1

ff6de7720c02d5908a28d81536fa43fc5ead4295
SHA256

b8eb24fe5a3d034ef08f406c6989f50c24be81c99e84aa3917abd19248d20cf8
SHA512

fc8c56e2e2c7ffcca4129afb96a27c92a43e7f8387ecf8df49c8b28d7894b8dc904f03c4b82ed5fd3efeed30be037aa45b1ca928fa6042e7bf863e923be3cebb
SSDEEP

98304:nMU8Rg2EmDc0DGiRDGhtBtHKb85jg8gJQfg:4DD/EjFs85jgTJwg

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8eb24fe5a3d034ef08f406c6989f50c24be81c99e84aa3917abd19248d20cf8

Files

b8eb24fe5a3d034ef08f406c6989f50c24be81c99e84aa3917abd19248d20cf8
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.2MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1.9MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 88KB - Virtual size: 717KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 192KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ