01eedfb57de0f362d5b5a5fa60f447d84de662aa3cfd0a34cbadd17896632403 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01eedfb57de0f362d5b5a5fa60f447d84de662aa3cfd0a34cbadd17896632403
Size

2.4MB
MD5

14b87dc3d116499792e2f6c47127e476
SHA1

8d54dd95b520a4a23c187985382bd74679cb67cc
SHA256

01eedfb57de0f362d5b5a5fa60f447d84de662aa3cfd0a34cbadd17896632403
SHA512

777a11c9556e475c53e0259e12c63d771d5eba9f16f87c06027471b7d4db7fa5bfd8dd22574706886154fec43295bc288e09283b71f03f3f6f372a377d00a547
SSDEEP

49152:DaQ/5kgRmkU67e6Q6ckxraGBB7TBdOLJ+FV6:DJ/5XwkU67HWkpa4RTBdK+F0

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01eedfb57de0f362d5b5a5fa60f447d84de662aa3cfd0a34cbadd17896632403

Files

01eedfb57de0f362d5b5a5fa60f447d84de662aa3cfd0a34cbadd17896632403
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ