bcedf6aa1bb2dc1f6a5257a78c0e2b1b17dd383713c3706762279cd7259c95f2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bcedf6aa1bb2dc1f6a5257a78c0e2b1b17dd383713c3706762279cd7259c95f2
Size

1.1MB
MD5

b13a1b5339f2cf05be55e5590f46571d
SHA1

c0a9c30fb0909472f6d007cab22479e4a33eb0ba
SHA256

bcedf6aa1bb2dc1f6a5257a78c0e2b1b17dd383713c3706762279cd7259c95f2
SHA512

6f476cc6aa197846aa9f808d08746446c4eb15717cb9f967a55542f0e2b6dff09410d5a997161c35c972be8509e2f9026cb382bcd031d0386c38b3fdf423e07d
SSDEEP

24576:oCqyOl197j2fkge44u0mKRIY6UYJXx8CrxwpacOkcnu/miVP2LZ:6yOj97Sf/eW0mKCvJXRdvnkhW

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bcedf6aa1bb2dc1f6a5257a78c0e2b1b17dd383713c3706762279cd7259c95f2

Files

bcedf6aa1bb2dc1f6a5257a78c0e2b1b17dd383713c3706762279cd7259c95f2
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 146KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 34KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 62KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 14KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ