da9f0c664cdd527297d50d769607c57f845fe29818eeb924acbc7ac6aca87792 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

da9f0c664cdd527297d50d769607c57f845fe29818eeb924acbc7ac6aca87792
Size

2.7MB
MD5

fffdd96bec55b23a9346aeaef7891897
SHA1

050ab373c87b2cfef23cd698ff84dfaf6650fab8
SHA256

da9f0c664cdd527297d50d769607c57f845fe29818eeb924acbc7ac6aca87792
SHA512

e9a60d5353212842cbdd64c98de33d12acb2472a92fa2c87975eaa2a1605238f2d0168b28955d7e3fed89d19fb27f25141030cacb266806f82e3decea5a5810f
SSDEEP

49152:7Krs6sw1cVDlkIoqaydRIMQm5q+38shTnKMIl/D+ZpMOndq7KKTi/S4:7KrxrqFlklEdXjbnKMm/DFGKyS4

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da9f0c664cdd527297d50d769607c57f845fe29818eeb924acbc7ac6aca87792

Files

da9f0c664cdd527297d50d769607c57f845fe29818eeb924acbc7ac6aca87792
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 70KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 47KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ