a49cd0fb02c2a724963d4408296c56a279c754c60bc1da98321365829ec9a85d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a49cd0fb02c2a724963d4408296c56a279c754c60bc1da98321365829ec9a85d
Size

4.0MB
MD5

0b554de1fcd40401f10409f22a15b338
SHA1

a46b63f7ccebfdd30757f1be88c61b975c83f09c
SHA256

a49cd0fb02c2a724963d4408296c56a279c754c60bc1da98321365829ec9a85d
SHA512

2f6edeef4ef2385732be2ea1dc2eea2880e24fce23fb596ec7d4b09593e4bd3e599c095ea1624339eb9a18efae3f84a71fc0d301c749705ee339393796a25186
SSDEEP

98304:48A5U3LYiJV1T7XNlotpX2qpv2Kk4S2upG:4v5U3/71nNlotpX2qpuKk4e

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a49cd0fb02c2a724963d4408296c56a279c754c60bc1da98321365829ec9a85d

Files

a49cd0fb02c2a724963d4408296c56a279c754c60bc1da98321365829ec9a85d
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 452KB - Virtual size: 1001KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 932KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 44KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ