a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4 | Triage

Sharing

General

Target

a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4
Size

7.3MB
MD5

f80dadc61dd4a914ce96139252df0aba
SHA1

ad8785e358f14f80083ca386b9505fbfa066c4b4
SHA256

a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4
SHA512

084a10db94dedf772f6ac6b964f13c0279b7fddcaadd69187ca50d994a7a83b143d02d3b5d0cd9c9102b34b5ef7f48a5db355cd97eddfb6e28ae22e3433f963e
SSDEEP

196608:H+23b3ntL9L2M8VKXGqIeP3ljBBFNzi3RPKLxhnZKW:H1Xd9L2M8VcIe1jARPKLxhnQW

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4

Files

a9a6ae77b932e1628624f62af917e2487e1db8d318be8466e0c41adf5c79f0b4
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 408KB - Virtual size: 960KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4.1MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 24KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 68KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ