ccfb258ad99400289fe6121b583d96e0fca9929e6d7caca12df67cb46a98843f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ccfb258ad99400289fe6121b583d96e0fca9929e6d7caca12df67cb46a98843f
Size

15.7MB
MD5

c05b9ebfd979545aea7447e3ab3f8eb2
SHA1

92518ce688aef977335e47dadfc380f84e0b3fda
SHA256

ccfb258ad99400289fe6121b583d96e0fca9929e6d7caca12df67cb46a98843f
SHA512

b779e969a8bf73e27cb6321d7fe2ae2348703bfb8e67ceca92cb707e7df23721a5fa7567ac3ad0efe73e866de43210a41bc2395e5b3fbb92bc588127d5627a16
SSDEEP

393216:esBu0U+izqje5iZIPyPzOB6vphSUNFM7Q79S2CzGwfa7zpbO:esBu016GIaOB6hd07QkLcz1

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ccfb258ad99400289fe6121b583d96e0fca9929e6d7caca12df67cb46a98843f

Files

ccfb258ad99400289fe6121b583d96e0fca9929e6d7caca12df67cb46a98843f
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.4MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 532KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 44KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 64KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 20.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 13.6MB - Virtual size: 13.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ