287c789d1bcf4bfbcf49287dedce3551751ffdab0501842fd153fe21f6c90114 | Triage

Sharing

General

Target

287c789d1bcf4bfbcf49287dedce3551751ffdab0501842fd153fe21f6c90114
Size

3.6MB
MD5

3c74ccc087e7552cce50f83b28c9a0b6
SHA1

4df1aec1ac0c90471d34ed5ba6a178ac3d180649
SHA256

287c789d1bcf4bfbcf49287dedce3551751ffdab0501842fd153fe21f6c90114
SHA512

bcd3e8b96575c7602ed20da533213a438fb26c55d0e9ed5d355e0c7fa6f6c61e3b63871fd2dccb6f4c59c416d50285f03e4cdae38727112dd009354bb1db217e
SSDEEP

49152:lQF5aMEujxWJxDFffQzDmGqMemtAqHU+joB+XNfovYoYxSL+cO/lfV5ER:iFOuFWPFQvmGqBWRU+joIJo8lf

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
287c789d1bcf4bfbcf49287dedce3551751ffdab0501842fd153fe21f6c90114

Files

287c789d1bcf4bfbcf49287dedce3551751ffdab0501842fd153fe21f6c90114
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 548KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 132KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 36KB - Virtual size: 431KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 36KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ