14c8e198e9a3c1be25047fe8ace8634cee5dfd9a1021db2b5b1a497fc3f8496a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14c8e198e9a3c1be25047fe8ace8634cee5dfd9a1021db2b5b1a497fc3f8496a
Size

3.8MB
MD5

6056974e61215e50f08f751d8e2584d5
SHA1

e4c1778f1cb66666c72e8d547443c94ec20c3136
SHA256

14c8e198e9a3c1be25047fe8ace8634cee5dfd9a1021db2b5b1a497fc3f8496a
SHA512

d887160dd5868081856ce2fe8662fcb36e329fd59490b5db8aa1cd42822c7a8fa51c651eb836ea8ae8e7c2910da7c6ab394141f2e422804a29d00ca7270e9e4e
SSDEEP

98304:daHIarNpXtZ1ZzxAPe+0ZgcHp99wBBTn2CQt1nd9g:da9/tZ1xd1+G99wqCQvnc

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14c8e198e9a3c1be25047fe8ace8634cee5dfd9a1021db2b5b1a497fc3f8496a

Files

14c8e198e9a3c1be25047fe8ace8634cee5dfd9a1021db2b5b1a497fc3f8496a
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 674KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 57KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 313B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ