5ebadd018b7b64f18698929ef8d7016aa377348209ac7b27ed8918d5c1422088 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ebadd018b7b64f18698929ef8d7016aa377348209ac7b27ed8918d5c1422088
Size

10.3MB
MD5

ccea592cfb669915c84a128d0c84710f
SHA1

def2c88d2f0d37f9c0c6e3c2770b53cca856a37b
SHA256

5ebadd018b7b64f18698929ef8d7016aa377348209ac7b27ed8918d5c1422088
SHA512

be0fbde43aff58adb9e71cf5071a58b5dd8581a727476d5e78258262bdd9f245a9e5d0a6b2ff01c7286a535b90d7ce4353c91963e20947ed895e39b849408dc4
SSDEEP

196608:UofkKscbFskyqjIpJfwbkLfECPbC9nB+lRUC+c6q4BSlRu:VscbPUfQIfu9unNB4

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ebadd018b7b64f18698929ef8d7016aa377348209ac7b27ed8918d5c1422088

Files

5ebadd018b7b64f18698929ef8d7016aa377348209ac7b27ed8918d5c1422088
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 356KB - Virtual size: 664KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 28KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 36KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ