avicap32[.]exe | Triage

Sharing

General

Target

avicap32.exe
Size

6.1MB
MD5

8570d48a1291cc62a902b06b7429b2dd
SHA1

6f7de617e02b655c01e734e9ea30bfdfb4caaa24
SHA256

729c7829cb055679d29b496693a55814c1a493c7c4a68ab7c121ee5e4745c430
SHA512

43970a17e5d27801dd8306b5b228bc1ce300c07ddf9801775ea52b87d73fa96041160927ca23c5e4b98046f8aadc6973e9fda58d9bfeac25399370295c053af0
SSDEEP

196608:1nXtfIhfnpg/2hk57yqx256vfOCv8q+M/VX:1nXtfIhfnpg/2hk57yqxvf1f+MZ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
avicap32.exe

Files

avicap32.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 592KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE