7584afa6515d620c45636690f1969d32d8998916a495dfc0be2348a91a7559b1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7584afa6515d620c45636690f1969d32d8998916a495dfc0be2348a91a7559b1
Size

10.4MB
MD5

748fd3c6456a4be89b08e3755106c49f
SHA1

4a9e979f692a90ce648adb2dadfac8b1095803c1
SHA256

7584afa6515d620c45636690f1969d32d8998916a495dfc0be2348a91a7559b1
SHA512

43e85a637268a195341155dd6a6b0ddc93e7967480ca4c30b274138d74abed4724e71aaaddf1633629efef67d54e336ff0894ac2dfaedb6435ed3b8937df2a94
SSDEEP

196608:2lSPw/3kl1dIC1scLJB1aTEb0vf//sIsfPu89yUkVZdsbOWgxAsxiz4Z:WkXdvi6JBsTEb0vf3szPFElmOWlsxiz0

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7584afa6515d620c45636690f1969d32d8998916a495dfc0be2348a91a7559b1

Files

7584afa6515d620c45636690f1969d32d8998916a495dfc0be2348a91a7559b1
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 348KB - Virtual size: 645KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 32KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 160KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ