1db489e865165488729e1d74ebdd43ce1fbacc5e5172ef49a57f14866c0b297f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1db489e865165488729e1d74ebdd43ce1fbacc5e5172ef49a57f14866c0b297f
Size

3.4MB
MD5

3680a3e33603335aeb0e33c6507a9f05
SHA1

5f005ac6f0425c1ba04e1284b3b7449ab169df8e
SHA256

1db489e865165488729e1d74ebdd43ce1fbacc5e5172ef49a57f14866c0b297f
SHA512

cce4cee29981dca9ee0d8adc331eefe6526c2b03ac3481ff4c8db83adbb559524a509d918ad1ff6adc8a3db40f2a28eb48c629e510f4dd94d9d1e66116c52dbf
SSDEEP

98304:WiDbHT2PvjcPnCfNWTlk4jGhdvDbM17e/V+H:WKbaPv06gTlk4Gv3M17WV

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1db489e865165488729e1d74ebdd43ce1fbacc5e5172ef49a57f14866c0b297f

Files

1db489e865165488729e1d74ebdd43ce1fbacc5e5172ef49a57f14866c0b297f
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 344KB - Virtual size: 670KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 416KB - Virtual size: 562KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 28KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ