891555fed3e0d3c6939be0a6db09d51e7b5649d11c71e721b17de82f5df7d744 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

891555fed3e0d3c6939be0a6db09d51e7b5649d11c71e721b17de82f5df7d744
Size

8.4MB
MD5

262dc43e8418b3d184f31d739e41d9c4
SHA1

8f16fb4401b4831ef2266b01ddc2abce9264438c
SHA256

891555fed3e0d3c6939be0a6db09d51e7b5649d11c71e721b17de82f5df7d744
SHA512

77a025530c5c023dafcbf5ef2172d2ad57b4bf9c568082518fae4bf09fd54452fe840d6a2f4fa23340d60de63f5e598cb05d70c7da9b1b84f519ad0401632e48
SSDEEP

196608:Wu15d4cEdwFCqr9lBGIWxHF7NIKaIsco8CHd5Sn+iau:WuDd467lBGI+l76vIscuWn

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
891555fed3e0d3c6939be0a6db09d51e7b5649d11c71e721b17de82f5df7d744

Files

891555fed3e0d3c6939be0a6db09d51e7b5649d11c71e721b17de82f5df7d744
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 376KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5.4MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 24KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 68KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ