f697ad598dec5f0b112d39e57bf0b3f12abee2cb50107e9e9b162aca8b62ddad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f697ad598dec5f0b112d39e57bf0b3f12abee2cb50107e9e9b162aca8b62ddad
Size

10.5MB
MD5

8f63b37373e6623b956331a0675c8738
SHA1

1659b05fbc5e4bf1b095077aa3dee6b73bb737f5
SHA256

f697ad598dec5f0b112d39e57bf0b3f12abee2cb50107e9e9b162aca8b62ddad
SHA512

3649c17c0427611be0832427cc90bf7d0021125766895a42be3fb15da96ec3261a95322cc76a707d910755590a40ba7094bf99c16c7a23c14d4bb474ecd0f3cd
SSDEEP

196608:MO6K5zF30pjlrg34llBSw311r6ko1A3zyGrg1oCm3aCe1m7M/KPecSTAux:MOHzFyW344wf6v1oyUP3aXY7wTb

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f697ad598dec5f0b112d39e57bf0b3f12abee2cb50107e9e9b162aca8b62ddad

Files

f697ad598dec5f0b112d39e57bf0b3f12abee2cb50107e9e9b162aca8b62ddad
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 356KB - Virtual size: 664KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 28KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 36KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ