ca9a8dc4c6b60da3ac7b512dc2cc232ee5b09c2035eecf2185277442f884c432 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca9a8dc4c6b60da3ac7b512dc2cc232ee5b09c2035eecf2185277442f884c432
Size

2.2MB
MD5

1c576ece1cb918832be3d9e5f665388b
SHA1

3963f72cb133a1a7479c58caa582cf19040dfe3b
SHA256

ca9a8dc4c6b60da3ac7b512dc2cc232ee5b09c2035eecf2185277442f884c432
SHA512

6be5f3ddefae674ee6b2c95d1150242f0a67cb27be50036d10acbc0dd6ba65f55536edd084f86eb22a79714abf0c8fad2b3847a137038cc78cf045c7454f4e90
SSDEEP

49152:6IGvbWIAw+DUeVbZKTGcuPjIdM4ehYLB52UACew:8bVUxZKTGb0dM4sYLb2UAi

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca9a8dc4c6b60da3ac7b512dc2cc232ee5b09c2035eecf2185277442f884c432

Files

ca9a8dc4c6b60da3ac7b512dc2cc232ee5b09c2035eecf2185277442f884c432
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 74KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 15KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 81KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ