6ae8bdfdd08289effb77da39373a62696230215c6dcbbab84afa601312edf944 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6ae8bdfdd08289effb77da39373a62696230215c6dcbbab84afa601312edf944
Size

14.5MB
MD5

0f23e49339a9fc0f366e69f29167caf1
SHA1

dcf9060d8679639940bc3050c664522653d958b6
SHA256

6ae8bdfdd08289effb77da39373a62696230215c6dcbbab84afa601312edf944
SHA512

aa01e8457f777861962cecfe4479cbbc3e2b9649de75a63e23e4f8230f012a69288fbde02b1a6d68e9a17947ac1d85c49e39ec5922ba0ac4d0fe19ac82b02893
SSDEEP

196608:N46dlfo4fq9tcvMwUmURTygh/GbvbPqEqHfFUE/kTX9YIfnt0f6M440bTgXMA7p6:NRtfq7jwUpGgh+bvbhUF5/kX9YIg6MOR

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ae8bdfdd08289effb77da39373a62696230215c6dcbbab84afa601312edf944

Files

6ae8bdfdd08289effb77da39373a62696230215c6dcbbab84afa601312edf944
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 736KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5.3MB - Virtual size: 10.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 44KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 20KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE