8db1df6544a46f0d6bbbb68deb281b61 | Triage

Sharing

General

Target

8db1df6544a46f0d6bbbb68deb281b61
Size

2.8MB
MD5

8db1df6544a46f0d6bbbb68deb281b61
SHA1

fed1276cd88f7d7b42cdbc17b5aa055a20b787b0
SHA256

7108f07084ad9463edc01d5bed2745c1b9fb813d19e45aff033ed8f87720d5c0
SHA512

9b62efac793abe13ba3984944b978b1b0350f12427f1aac16c09dda694f8049809d3408500805d1649e1c0028d35ebf8de3a9482e18f2ab38e7a25567f9ee0ce
SSDEEP

49152:G7giBkyvYgVVc0RX60MpQ4IcBieSelGrmc+nppZFHRrLT95tVbOmq:egEaQXi3IeTcqppPxr/ztV6p

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8db1df6544a46f0d6bbbb68deb281b61

Files

8db1df6544a46f0d6bbbb68deb281b61
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 341KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 30KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 97KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ