cb7dab101cdee2bf4097466bd9a8055b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cb7dab101cdee2bf4097466bd9a8055b
Size

3.1MB
MD5

cb7dab101cdee2bf4097466bd9a8055b
SHA1

47b0dff286bc309bd98ad5ead528f85ee10e50b2
SHA256

912054249a6533fdb79afacbed4ec02bf9c843911f9ac03084c9d6ae350303f0
SHA512

8ac90b612f164ac7cbfdd1e4aa292dedced2e0026e237afa6269e734da98e1c102990fb954a357aac0815de5ced7df467f443dc465b8eddca574065279a4ecc7
SSDEEP

98304:nFa6ROXQEZJUtRnvmd5jG5SINoew86tR7PTRvJ:1sBZJUfud5jfINVDQ7rRh

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb7dab101cdee2bf4097466bd9a8055b

Files

cb7dab101cdee2bf4097466bd9a8055b
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 104KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 16KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ