ca6c1dc5ff20f4121062655144f9fe9b6014e440ca96dd1ca55b1a7538d2d9a1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca6c1dc5ff20f4121062655144f9fe9b6014e440ca96dd1ca55b1a7538d2d9a1
Size

4.1MB
MD5

a12a933ca168cd7d95a31f324e0db2a7
SHA1

913b00d3858e552de7bcf2bcce6e2d534b849237
SHA256

ca6c1dc5ff20f4121062655144f9fe9b6014e440ca96dd1ca55b1a7538d2d9a1
SHA512

af299a754ded09a012644c88dcf12b9ee2307ffb84abcf1a181891741c81d95efb3552494978332fa7247ad6ee1b4f4397d05e0e1856cdb702bc88f8cfb4f054
SSDEEP

98304:00sDgm1lpjhIcvnCzILNEVVUO2pxyNWl7wyptPVJt9:00WgGf7Ly0O2WWl1ptdJt

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca6c1dc5ff20f4121062655144f9fe9b6014e440ca96dd1ca55b1a7538d2d9a1

Files

ca6c1dc5ff20f4121062655144f9fe9b6014e440ca96dd1ca55b1a7538d2d9a1
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 452KB - Virtual size: 994KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 928KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 44KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ