9d89f04153b0acf202d156f6f3f7e2357830e12cab4bfad0078e41693cbb51bd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9d89f04153b0acf202d156f6f3f7e2357830e12cab4bfad0078e41693cbb51bd
Size

4.0MB
MD5

f582f6f9e5023c8e09f3e79bf94b815f
SHA1

e91d210c1fd8e34b1dc771f54cc2526a92210f67
SHA256

9d89f04153b0acf202d156f6f3f7e2357830e12cab4bfad0078e41693cbb51bd
SHA512

c148b8822eb26ec5faaf73fa4ec01d2e031f7bbbbff3e3747416ae268df3c120e157f171a4c078030cdd22bfea278b5f06040d89e8da3a610c43b6acead8747c
SSDEEP

98304:+orzaQQX5TbR87DnOqbOoMIx63c7XeBk+7cutpADa:jL45ZeOfoBd7Xe6+IMSa

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d89f04153b0acf202d156f6f3f7e2357830e12cab4bfad0078e41693cbb51bd

Files

9d89f04153b0acf202d156f6f3f7e2357830e12cab4bfad0078e41693cbb51bd
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLS
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE