Behavioral task: behavioral1
Sample: 7f0bf99447e87c61b2c4ef273b361d92a5217fd527d017f2f68c67475d0f900b.exe
Resource: win7-20230831-en
General
Target: 7f0bf99447e87c61b2c4ef273b361d92a5217fd527d017f2f68c67475d0f900b
Size: 3.2MB
MD5: a6ad800433e8f94b70eeb1f37d67694a
SHA1: 86f426c188983c847ee39cb3462de447b603b161
SHA256: 7f0bf99447e87c61b2c4ef273b361d92a5217fd527d017f2f68c67475d0f900b
SHA512: c71d53de8ae3bb3cb7d8005292ed81857c6b43bb9f9251216a80cc80a11031b1fb7052c66f05eccd6aa7a16788a903c5832f149d77775aad0405e4360a3bb70e
SSDEEP: 98304:A1FjlCpi07DR7lrykfATHw0XT5WP35j0zx5VdM:A1UPXo8hj0l
Malware Config
Signatures
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7f0bf99447e87c61b2c4ef273b361d92a5217fd527d017f2f68c67475d0f900b
Files
7f0bf99447e87c61b2c4ef273b361d92a5217fd527d017f2f68c67475d0f900b.exe windows:5 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 13KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 42KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 4.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.0MB - Virtual size: 3.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ