c0daeca4a9bfbffb1a0825f70e913bdd2828ed1ce2ab19f59d6be699ae5f4828 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c0daeca4a9bfbffb1a0825f70e913bdd2828ed1ce2ab19f59d6be699ae5f4828
Size

3.0MB
MD5

75dc19b7b720c1a883f1bfb0e7fb33e4
SHA1

35ecd0f690408cc65a4b2a53246081f68b28e1fd
SHA256

c0daeca4a9bfbffb1a0825f70e913bdd2828ed1ce2ab19f59d6be699ae5f4828
SHA512

e1a28555d0366aee41f07c7e8e20b7b7fa3e1a76d983c9dd860c3b513fd2bad1619b862fc3dfa6977d30e035a11a4e803780498ff37adedc92761fbda827f784
SSDEEP

49152:rNo+vzeBR91EEJv807JsVbH/0/CcMVHFexEwu0sBrFdzGp/LO71cw6UnCqY/z+RC:rJaFTZhe5/FeZuRXNW/LORcAnlYTyTe

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0daeca4a9bfbffb1a0825f70e913bdd2828ed1ce2ab19f59d6be699ae5f4828

Files

c0daeca4a9bfbffb1a0825f70e913bdd2828ed1ce2ab19f59d6be699ae5f4828
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 18KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 16B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ