2eced869220715ee21f30603f66a65525f000e4bab5145719ac2d3ed4715cc0a | Triage

Sharing

General

Target

2eced869220715ee21f30603f66a65525f000e4bab5145719ac2d3ed4715cc0a
Size

4.8MB
MD5

f402a29b277c18b6889008a2a388d9d1
SHA1

4423d8d686b04e069903b68e5b454e397c886e13
SHA256

2eced869220715ee21f30603f66a65525f000e4bab5145719ac2d3ed4715cc0a
SHA512

bdc1b2011bb5449d629f1ace4df224587b140d76ff1e0ad636309688b6a88d5be82e08a81d322bd212b79c4aad14ea20227c4392dfd1d6dd5176a557b0d9b903
SSDEEP

49152:6Nn4mBwsejCDtfBHG/mUmt0RLFxFgc63aU+HSjBX4abi5qlM7UU9Ev:A4mSsewtfZG/4QRrGBoabi517dSv

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2eced869220715ee21f30603f66a65525f000e4bab5145719ac2d3ed4715cc0a

Files

2eced869220715ee21f30603f66a65525f000e4bab5145719ac2d3ed4715cc0a
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 70KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ