955d46a331315ca6700479b5e669a02c6d72c4ff45774094f723fa000dc1bf12 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

955d46a331315ca6700479b5e669a02c6d72c4ff45774094f723fa000dc1bf12
Size

2.5MB
MD5

7b3e56ce583fb4c3b38794310a3fe57e
SHA1

2310a602f958632e9bc34e1e05fd73aae6ea4b5b
SHA256

955d46a331315ca6700479b5e669a02c6d72c4ff45774094f723fa000dc1bf12
SHA512

4a1d8cc8c0937ddb4d59ff2d46cf87c882bf9c1640f97013bb98f671e7e120ca1ec0e1339cc1ef0a05956ff372b8e02a89a3992cfc3b2fe91d0fea60632376bf
SSDEEP

49152:s15759ZR8xImW+OdPDZeCxDq7gfaZfDUh1XOaA0mjYeCXl+zOge/dCvnDIT:u7TZR8xBW+OdLJdq8Eo1sYeCXoigSEvA

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
955d46a331315ca6700479b5e669a02c6d72c4ff45774094f723fa000dc1bf12

Files

955d46a331315ca6700479b5e669a02c6d72c4ff45774094f723fa000dc1bf12
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 53KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 13KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ