481a184525d4755ff08e9754bf5c700ba71c613804154f6358dc118f3496624e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

481a184525d4755ff08e9754bf5c700ba71c613804154f6358dc118f3496624e
Size

9.1MB
MD5

065eb75af84d47b6d4b737bf18e62630
SHA1

d45fe06329c6aab231f2be1d1f6e62e7275f86fe
SHA256

481a184525d4755ff08e9754bf5c700ba71c613804154f6358dc118f3496624e
SHA512

14aaf672167334f5bbdb0522a55746b52c62e14c731de5b85eb1dc3c53b570f72699d8c4c8d9d4653b364c27c9f1d3fab8631a881ba39e640c8b90e854b47d02
SSDEEP

196608:VLT3mSgBOHPxLQctICuoOYLwV9iIoLAGk8J9p7xsSUAZEk7DKOS:NTeOHhKo7LS8DpimxCOS

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
481a184525d4755ff08e9754bf5c700ba71c613804154f6358dc118f3496624e

Files

481a184525d4755ff08e9754bf5c700ba71c613804154f6358dc118f3496624e
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 2.7MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2.7MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 85KB - Virtual size: 668KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 23KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ