ba5791f36d6f5d61e49e4a2c41fd61e1e18678f830011b7ae0002cc454266a14 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba5791f36d6f5d61e49e4a2c41fd61e1e18678f830011b7ae0002cc454266a14
Size

4.2MB
MD5

85c6b093bf3a40fdcff3b28325ec81cf
SHA1

761ae7abd4007ef1596ea5d4e733772c3710d47e
SHA256

ba5791f36d6f5d61e49e4a2c41fd61e1e18678f830011b7ae0002cc454266a14
SHA512

31f7e62358b9346144296cc5f2943bc14f9366694f01b910edd0ea07fae12e306335e0723bf18adc71010462b8629271e23210777954b896aaa87d97b3b9ab87
SSDEEP

98304:SF6VipOD6+DF/qUmbxUNR3/se66TcPYV:SA6OWqF/qU8S8Mq

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba5791f36d6f5d61e49e4a2c41fd61e1e18678f830011b7ae0002cc454266a14

Files

ba5791f36d6f5d61e49e4a2c41fd61e1e18678f830011b7ae0002cc454266a14
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 499KB - Virtual size: 867KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 102KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ