54bf5055ce928202dddfc0d77c4999abce6be64660b8822bcd48e6f6066d33ee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

54bf5055ce928202dddfc0d77c4999abce6be64660b8822bcd48e6f6066d33ee
Size

6.2MB
MD5

4438f2df4319e16c59320ff2bcbe666c
SHA1

20036804bee3af1a9199dfd682cbbe18f1bd0cda
SHA256

54bf5055ce928202dddfc0d77c4999abce6be64660b8822bcd48e6f6066d33ee
SHA512

609befdb7f7119a9769a3d2392a49db3f7a5093bc5a1216d42e72e0de0a0f84b6432d34dcc14f39fc521e0607a8da37ce4ebd157269d466f51467aed4600c00a
SSDEEP

98304:wEejFyjes9WuhX2AdQ1iDoPaSYEyGaWrXHltyj0medGQ/0JHpTf5:iRyjt9WuhmAdQ1coaKXFoj0LdL/2H9

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54bf5055ce928202dddfc0d77c4999abce6be64660b8822bcd48e6f6066d33ee

Files

54bf5055ce928202dddfc0d77c4999abce6be64660b8822bcd48e6f6066d33ee
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 372KB - Virtual size: 777KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3.3MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 32KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ