89476cd9fdddff474f9ee797f3df63d1bfe316597c1a36ef496103ae4ce48cff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

89476cd9fdddff474f9ee797f3df63d1bfe316597c1a36ef496103ae4ce48cff
Size

2.3MB
MD5

b1e24db9ec2023a2341f68bb6e81402f
SHA1

f3a70c1464044f9da8187ccb2543a84b41964c8d
SHA256

89476cd9fdddff474f9ee797f3df63d1bfe316597c1a36ef496103ae4ce48cff
SHA512

b21fa7220938d462f5f607d1635ce2b5c02461b843c07c0249cacd3e6da19154075ec8b10ed1d3dd198b095a62fbff5ed0d8671ee6a10553d5a2fe7119b88216
SSDEEP

49152:8IgXm+jFFFxcJ/Ez0218KYz5r01xCJKVawLIP5xw/lC:SXmmvFK29izZQ0hTP5C9

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89476cd9fdddff474f9ee797f3df63d1bfe316597c1a36ef496103ae4ce48cff

Files

89476cd9fdddff474f9ee797f3df63d1bfe316597c1a36ef496103ae4ce48cff
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 272KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 20KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 24KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ