87d0f1fdfdd65b31ec75dcb084720dc5d0d1bc69a7f3b427c7f1f4d9eb924b66 | Triage

Sharing

General

Target

87d0f1fdfdd65b31ec75dcb084720dc5d0d1bc69a7f3b427c7f1f4d9eb924b66
Size

3.0MB
MD5

ee1c22232915b230d3ebd40e0e8a33de
SHA1

404926e60082aca9fa2844b36b05137886d73396
SHA256

87d0f1fdfdd65b31ec75dcb084720dc5d0d1bc69a7f3b427c7f1f4d9eb924b66
SHA512

a9054e74e541846c525a387f24cdd6add5ef848a0dee12e652843043a8e49fe7418184111fda3b9ecafb626973b9d006c1cb7db9f608c4210aebead2b8ae9d6f
SSDEEP

49152:8ylJwfQCH41W0CQyeZDCHyFGDiMlrdWgLvvDgTskBxjr1kfoUhixvSw/uCzaM1D:8AwfbYwqOHyM+qdWGTZkBxmhyvSfCz11

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87d0f1fdfdd65b31ec75dcb084720dc5d0d1bc69a7f3b427c7f1f4d9eb924b66

Files

87d0f1fdfdd65b31ec75dcb084720dc5d0d1bc69a7f3b427c7f1f4d9eb924b66
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 110KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 30KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1009B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 77KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ