22d599ef0a03016e3e7a7445635bd5d9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

22d599ef0a03016e3e7a7445635bd5d9
Size

3.1MB
MD5

22d599ef0a03016e3e7a7445635bd5d9
SHA1

bbb5711f9cc85407151d29e2cf4d7a8f11e4051c
SHA256

faf1824c1da0692ab44e55a7a32aec0021ece6001a00ac5e49c3d2d4dd53aed5
SHA512

aa96fc16d0efa155a45eee419f53674e8610464e0825ec53fd6340aa71f255e8f3f48053957d991b945d363d63a1338dce3b144d6d8ff6ee9da85bc2f96422a6
SSDEEP

49152:VY5x4MM6jkYb5AP0bDacR/ZIBnZ5hlh4FrWLAKeAAeLym6Y7Z8VXg:WBM6jkYb6P+acRAZ5WT9AAyxt8Jg

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22d599ef0a03016e3e7a7445635bd5d9

Files

22d599ef0a03016e3e7a7445635bd5d9
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 229KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 400B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 14B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ