bc764f289a2f49f8f48690049f77f5ae | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bc764f289a2f49f8f48690049f77f5ae
Size

2.9MB
MD5

bc764f289a2f49f8f48690049f77f5ae
SHA1

60d455da0c05b3e6f1bd6a996163fd4066ccedaf
SHA256

680c1a811e59bdddded67c1544d75a4bebf66db0a7c61b28079d4b646de37c8d
SHA512

0bd561b24faa9efca23691459e82fcbc13cc9de64331e30812726366016d2e64ae34193c1eb55db709e883b5b1663a0236650f49dd7941d1fa96517e5c657483
SSDEEP

49152:rvzlArjPZyvlOsBC7zuhMriLdWsfHimsTrKk0JySrh7DIDwk6NwvHqeIKb47d:rrl1BR1Z5fHiUHJRrhYDwVNkHqeIKEx

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc764f289a2f49f8f48690049f77f5ae

Files

bc764f289a2f49f8f48690049f77f5ae
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 341KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 30KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 97KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ