df9d71cbdc0160253b00e6916bb5273c56aa93a6b0ce03f6b85f14e3863a3f40 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df9d71cbdc0160253b00e6916bb5273c56aa93a6b0ce03f6b85f14e3863a3f40
Size

6.5MB
MD5

baf597a9897e0e72e97518da5e62b20e
SHA1

ac548dd41b3803140253919b41a95f2970f672f9
SHA256

df9d71cbdc0160253b00e6916bb5273c56aa93a6b0ce03f6b85f14e3863a3f40
SHA512

b05bf70bf64f512cbade637127af5751848b9f6743d3210b8cf7e3579a3a5374e8f9efaf135bbe381aac2459de0cef3e5e31951f60871b3f9ad33a8a523ef9e6
SSDEEP

98304:g0Yi2WPjSxbZa56Ofsvd+y6y4KnSPwMbaUbslILFI5WOb81jbzl:12WPL56HXtn6h4u/OYdzl

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df9d71cbdc0160253b00e6916bb5273c56aa93a6b0ce03f6b85f14e3863a3f40

Files

df9d71cbdc0160253b00e6916bb5273c56aa93a6b0ce03f6b85f14e3863a3f40
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 664KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 13KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2.0MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 29KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ