6b452890a1055a3e6f78c91b48b066cb2d1fcba5663ba7e07c0af30d2252c41f | Triage

Sharing

General

Target

6b452890a1055a3e6f78c91b48b066cb2d1fcba5663ba7e07c0af30d2252c41f
Size

15.0MB
MD5

44389497969be6a61c6092c9402aa2ed
SHA1

80330a87343d8f227cda1f6c7ea9f4afe4bddf52
SHA256

6b452890a1055a3e6f78c91b48b066cb2d1fcba5663ba7e07c0af30d2252c41f
SHA512

1af334dc5ac883c7a8c28f591d4a7e2dfa402aecb268de438cbceff9b286e33143d706a728a26219dab7ff125b991e5a3c69fe59c76993233b7d128ed3dd2484
SSDEEP

393216:gZH64A5sSIYqA/Y7ezW9Um/LmHT5Rd+6Qi7e:gZHdysSIYZq9fSGB

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b452890a1055a3e6f78c91b48b066cb2d1fcba5663ba7e07c0af30d2252c41f

Files

6b452890a1055a3e6f78c91b48b066cb2d1fcba5663ba7e07c0af30d2252c41f
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 11.8MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ