f0b936df21cabf0f670173160d82625fd930af743492a5e5f7edc2d1b153183c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f0b936df21cabf0f670173160d82625fd930af743492a5e5f7edc2d1b153183c
Size

15.4MB
MD5

b4f1e9f9e0229206011050a1f70137c5
SHA1

e1d1764d9fb9d9792166840e1ba509f4d429a883
SHA256

f0b936df21cabf0f670173160d82625fd930af743492a5e5f7edc2d1b153183c
SHA512

319761c9f21c8a7ad891d775f00180d962832d60c7582ddacbe68be2d3a2e4ce6dd1ba0ad095bfcd4c8c6889ed676e34b88ca1601dcf6b0a0d6efaeb94854955
SSDEEP

393216:4P3f1h6tZheSG7rRKCmwd/YWSNnJ724dLh9:M3f1h6tZUXrRKCmq/BShJCgF9

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0b936df21cabf0f670173160d82625fd930af743492a5e5f7edc2d1b153183c

Files

f0b936df21cabf0f670173160d82625fd930af743492a5e5f7edc2d1b153183c
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.2MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 620KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 44KB - Virtual size: 619KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 20.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 13.4MB - Virtual size: 13.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ