2baa9e2ca4a810d32e8e0250b4a44cf3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2baa9e2ca4a810d32e8e0250b4a44cf3
Size

3.4MB
MD5

2baa9e2ca4a810d32e8e0250b4a44cf3
SHA1

9181325efb4f78deed096988bd845f02a2d19af3
SHA256

a0d3de6ed568fac1ff37a119ea50bb8834e6f385c32b50150ff9ff13b78ad772
SHA512

2dfd45f374adf7cc852c82aedec9e571d82841cc9b7d7a29c458516f7e6ffac2c57c1a309b94fde6d394c66625cf3318dd3c62fc5cce2ffd4a53c87972a56372
SSDEEP

49152:N7cl6RqzVjfJThDd4+hMWSGOB/H3G/Mk/Tmde8h7oS9/tMKJAKADNLehKZmELS3y:VMpdx4GI+kk3bS9/tMKJBEd2KZmE8

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2baa9e2ca4a810d32e8e0250b4a44cf3

Files

2baa9e2ca4a810d32e8e0250b4a44cf3
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 10KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ