262048a725e926268e5ba3fb19ab493f8e985d6020bc99aa4193cfc26d365631 | Triage

Sharing

General

Target

262048a725e926268e5ba3fb19ab493f8e985d6020bc99aa4193cfc26d365631
Size

2.6MB
MD5

3c42827dedfdc952ceb03aadce48a9ef
SHA1

ebd52a8a69bc905584f31901ac3be935fa5b78cc
SHA256

262048a725e926268e5ba3fb19ab493f8e985d6020bc99aa4193cfc26d365631
SHA512

84fab16a581f46e6ae0fa8229f7382b1cd7e0696aa866e31b35be038d1cc835698065bf1ff51b5593e4379eda52ac9e9d72e87e06441b358e5fb5d26a9833e57
SSDEEP

49152:gWaR7LTL37GqsKPBotkrqRH3mGp7X13mpWRxy+Z4rytDh:gWaRvTxsKpotYqRHv7ZmpWny+Z4mV

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
262048a725e926268e5ba3fb19ab493f8e985d6020bc99aa4193cfc26d365631

Files

262048a725e926268e5ba3fb19ab493f8e985d6020bc99aa4193cfc26d365631
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 269KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 101KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ