4db471bb2177b07e3f3e6140c79c1341fe0168e5dc194ea409f1126e6e7850d8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4db471bb2177b07e3f3e6140c79c1341fe0168e5dc194ea409f1126e6e7850d8
Size

4.3MB
MD5

a237f07b0df32cb00354aa8e480226d7
SHA1

6f3cfb5312babc7810c9373123b00e439279b633
SHA256

4db471bb2177b07e3f3e6140c79c1341fe0168e5dc194ea409f1126e6e7850d8
SHA512

d68904932766047c79284189dfb22bfe1e2f6dbc7078e31799dd9d764d3dc77e7ae0f17942e51434c5ce0dd86a2df8990cdb17903346a615e4c45a20d4608efe
SSDEEP

98304:K/o7z2T/DwY7/zrO4ktxGRonOfFo4E2eL6lcK2wzPanNf:Kg7zlY7bVZdoco6lVaNf

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4db471bb2177b07e3f3e6140c79c1341fe0168e5dc194ea409f1126e6e7850d8

Files

4db471bb2177b07e3f3e6140c79c1341fe0168e5dc194ea409f1126e6e7850d8
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 864KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1.1MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 92KB - Virtual size: 641KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 25KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ