a7069d7ae906ebf3770933cfc5edeccb56296b0bc5e3fcdc0ec51e67ab4b8b3c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a7069d7ae906ebf3770933cfc5edeccb56296b0bc5e3fcdc0ec51e67ab4b8b3c
Size

2.9MB
MD5

08212b2c183461edd9809c8adba1923a
SHA1

5bfc66b02fc80e4074016c3248eecac8c0272b5c
SHA256

a7069d7ae906ebf3770933cfc5edeccb56296b0bc5e3fcdc0ec51e67ab4b8b3c
SHA512

bd7e6c897778f64929e48c2d4151f0e7be5a5eb3fcde944fad954aa20dcb6a7460eb87735459695b608142ed60e1d8152b8138ea60d301454c7deff766ac933d
SSDEEP

49152:qbOk/ddKddzMjUg9TvNXjgtUIzGAR272i8/MUXOyok3DfJcPRIXUt:qbOUdYtglvNXUtzGYZ/LDfJuIc

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7069d7ae906ebf3770933cfc5edeccb56296b0bc5e3fcdc0ec51e67ab4b8b3c

Files

a7069d7ae906ebf3770933cfc5edeccb56296b0bc5e3fcdc0ec51e67ab4b8b3c
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 100KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ