557283a5a44a8c731716d5d1ba4dc09de2710ca0ccff22cf5c8592eab1a5948a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

557283a5a44a8c731716d5d1ba4dc09de2710ca0ccff22cf5c8592eab1a5948a
Size

150KB
MD5

d1493b7ffac651534e670d43fb10c75e
SHA1

29ded9c0779331ad2a0edf80052c1ffaf9036b7c
SHA256

557283a5a44a8c731716d5d1ba4dc09de2710ca0ccff22cf5c8592eab1a5948a
SHA512

0ad85f21f21a693d20b196298977539c30bde8ce50100a7470cfb61c5f4466886f213a29915a7d33401a3eb9c55ea2a794bb442138575835f9a2cee8b017ed97
SSDEEP

3072:vvTR8IqlRF1UgLqrQCcYqXGRbn3nzFwEVEFDeH935lXm:XTPqvUgN6bn3TVEReH935M

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
557283a5a44a8c731716d5d1ba4dc09de2710ca0ccff22cf5c8592eab1a5948a

Files

557283a5a44a8c731716d5d1ba4dc09de2710ca0ccff22cf5c8592eab1a5948a
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 23KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 65KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ