524ec5fbced4d2e00b79d93d4a9a9be9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

524ec5fbced4d2e00b79d93d4a9a9be9
Size

3.0MB
MD5

524ec5fbced4d2e00b79d93d4a9a9be9
SHA1

e0e801828715aa96918db505c6b99c187565bf7e
SHA256

143bf2be4c09b976f1607cada54c7a4c63533c6b3a450a81386a9066a18cf212
SHA512

edde1d79bb0b363c139a2b29e693032f8cc7a47d7ed4857cf65891a1bb8621df47cb6b8fa1d2a710ca577deddf47ac5c1d2f6b465cd27f6cf25be5c98b7cca76
SSDEEP

49152:YDDjDJuUt/6e9kzxhYLvFtCMSAwKUqKzxKL4XDqccQLIt82YGETgQNPo:UDGszUT5Dqc7ct/T

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
524ec5fbced4d2e00b79d93d4a9a9be9

Files

524ec5fbced4d2e00b79d93d4a9a9be9
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 19KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 16B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ