507bdd9f2e9f46865d8b059e0e19ed51 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

507bdd9f2e9f46865d8b059e0e19ed51
Size

12.1MB
MD5

507bdd9f2e9f46865d8b059e0e19ed51
SHA1

e61dc4c3f98dd7c42e858cd231e52d2611c7f8cf
SHA256

b089068928843e3104dc8ea920ad7f7285bb0146814e5e68ba9a38d577816950
SHA512

dcc0ed5e0126309864609fa62d9de63ef42f653b8b2e44e63d4e0d1ac5198565645e69bf71e772006d0df3089654bc6a9df319c88dfecf69295747ed074a22a6
SSDEEP

196608:3ZXu6gfH1mOYE3dG82mKswOsKRESP84+A30C54vclE2987zP5xU54waY1Dy:3QvdG8jpbD1+s0CiQazP5CuJY1Dy

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
507bdd9f2e9f46865d8b059e0e19ed51

Files

507bdd9f2e9f46865d8b059e0e19ed51
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 7.6MB - Virtual size: 12.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 27KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ