1c2230d789bfcdc9556b151c385f7c056d653210c2c02e42b31ca3b050bf41e7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1c2230d789bfcdc9556b151c385f7c056d653210c2c02e42b31ca3b050bf41e7
Size

3.9MB
MD5

42f31308444be2e76c7f80bb518f5b69
SHA1

5ae4502ac8f86c261b66d7a4bd2439b61ae17bcb
SHA256

1c2230d789bfcdc9556b151c385f7c056d653210c2c02e42b31ca3b050bf41e7
SHA512

d38c32e81e10afa1a586a98875e34f5bef1d326c9a90548b90d622a2ff6c96e958340a955d004fe2b0602525bab9f00819c515a992023c8d4f2b14964c19bfcc
SSDEEP

98304:K1X29SacJCl3Bw95kLLvE5Qb54Q1CgUi+gSOs0K4Nnnnnnnnnnnnnnnnnnnnnnny:K1ySzJk3Bw9YvE+b6s2C0Annnnnnnnny

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c2230d789bfcdc9556b151c385f7c056d653210c2c02e42b31ca3b050bf41e7

Files

1c2230d789bfcdc9556b151c385f7c056d653210c2c02e42b31ca3b050bf41e7
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 677KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 214KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 34KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 22KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ