3deb4d36d584d4b4717cb0f03301e6a1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3deb4d36d584d4b4717cb0f03301e6a1
Size

3.3MB
MD5

3deb4d36d584d4b4717cb0f03301e6a1
SHA1

e1dea2d01c7034600c0de7719c894638cf848785
SHA256

1283abbade52e1ce91516f96d258f9a6fb3a54520346f082b8329a26024854bf
SHA512

d0fa6c7acc39bdcc44ebcb6dbde358c6b032fc1d51bdd1707b259893a1232d59d5678ef92e385eea8a263fbb068e9095de4979aec7b093e239fa4cbdda9a14dc
SSDEEP

49152:tm1eFHPevPGJKlPOBueKk5+Fhz53XHL3IW6EkOoBleE+OjygjT7K:tjpgpeK2QhzlXHLUEJoBwujyMS

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3deb4d36d584d4b4717cb0f03301e6a1

Files

3deb4d36d584d4b4717cb0f03301e6a1
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 101KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 924KB - Virtual size: 924KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ