b18328da94f37225c245190d80b44db3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b18328da94f37225c245190d80b44db3
Size

2.6MB
MD5

b18328da94f37225c245190d80b44db3
SHA1

d13cc6e96d986ad93bb1f10a196cbcbbceef56d0
SHA256

1c7966aa0c178ef0dd9b8e09e2a270141ab5bcac5cc420336bb6f2c4cc5e037c
SHA512

aa196e18521c0c567fd5cc410bf7e8e54292e76d0afd9f59a84e1901820302c9e2ae12b8eac0bac68b11bd6c10c90d782a3a59f9ac9f5e0ff3d6653c3de48acd
SSDEEP

49152:gn6Oygx9oTj0zLl5KxJc7WzS5EQ71A+jUTTd:ocal5z7WE

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b18328da94f37225c245190d80b44db3

Files

b18328da94f37225c245190d80b44db3
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 98KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 878KB - Virtual size: 877KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ