7e167b663669988742f413fea0e6e2bfd2bc60aeec740ac94df9d5024d3a20b1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7e167b663669988742f413fea0e6e2bfd2bc60aeec740ac94df9d5024d3a20b1
Size

9.8MB
MD5

5ac518ddb0b00cd86dc01b306163225f
SHA1

678330c2e66e8008f39d7d9413805be4ed76db58
SHA256

7e167b663669988742f413fea0e6e2bfd2bc60aeec740ac94df9d5024d3a20b1
SHA512

649677906de8b5b23b2bb663879a4db09647c8f1f72a33d7c94852d02a856e63b27e246210ffbcfa327b8a3ca303905256f993902a2beb98b759cb1ae1ee9be3
SSDEEP

196608:wb2+k/PmsYYOXQk1z75X2bGLxVekmUosD1PyS66Hcec1YRoMFwiSxP:wVkHmtVSaxVekvD1KS66HS1YRoeZQ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e167b663669988742f413fea0e6e2bfd2bc60aeec740ac94df9d5024d3a20b1

Files

7e167b663669988742f413fea0e6e2bfd2bc60aeec740ac94df9d5024d3a20b1
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 961KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 112KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4.5MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 81KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 51KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8B - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 123KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ