13c77a326992aacad6b373b59eed22a0bc17ad8155df3d6bceffd50fc394ec39 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

13c77a326992aacad6b373b59eed22a0bc17ad8155df3d6bceffd50fc394ec39
Size

14.1MB
MD5

0ff47b8bb73b1140d2f2ae43e9f4c977
SHA1

938df28b3f04dea78ed6332b2b81290edefd83f3
SHA256

13c77a326992aacad6b373b59eed22a0bc17ad8155df3d6bceffd50fc394ec39
SHA512

c959d8783676c9a59b4ff44b1e8e63dfe5d01b9b28ec2c92c338e1299dfc562358a6d5db54a0ad5b417ea8f645f36b216c6df98b76d63d02d73aedb33242138d
SSDEEP

393216:1Wdy87BSKoFWJdNqtlRqardpXCtBTaWgUsOjay:1gy8kJMjNqtlRqaW3Tafy

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13c77a326992aacad6b373b59eed22a0bc17ad8155df3d6bceffd50fc394ec39

Files

13c77a326992aacad6b373b59eed22a0bc17ad8155df3d6bceffd50fc394ec39
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 968KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 9.8MB - Virtual size: 10.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 116KB - Virtual size: 739KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 180KB - Virtual size: 426KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ