84e0b3f81c333a9a3e095974733ea23dc0bc1c520f648859c92c22a0dc813072 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

84e0b3f81c333a9a3e095974733ea23dc0bc1c520f648859c92c22a0dc813072
Size

11.2MB
MD5

18be230baa612e034f7f14914678f587
SHA1

d0ee33b1ef3a2b1b02dfda2247fb873588a5e854
SHA256

84e0b3f81c333a9a3e095974733ea23dc0bc1c520f648859c92c22a0dc813072
SHA512

1f6edd6a366de44685c55e3fd520f248693141168e8a18e42e43632bb44b429385718a44af10a807219d388d5b2a378bf758645f129556ec4f8455c28addeabb
SSDEEP

196608:sdN1H8YMj4kcR3EZ32u7W3ygGEa8L+sCj1tBP6J9gvL3PSI9ZoTrupL0N4CFNvaM:K1wG3s32u7WpGE3e1tBPsgr6aKnQ0fX/

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84e0b3f81c333a9a3e095974733ea23dc0bc1c520f648859c92c22a0dc813072

Files

84e0b3f81c333a9a3e095974733ea23dc0bc1c520f648859c92c22a0dc813072
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 692KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 772KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 28KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 14.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 9.7MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ