fd7b7e1b4ebdec50440f283c307e4ec0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd7b7e1b4ebdec50440f283c307e4ec0
Size

2.9MB
MD5

fd7b7e1b4ebdec50440f283c307e4ec0
SHA1

3353f14881945e26e9fa7c2058b5e1a10c719199
SHA256

cc881e566d1a3b25dd2123ef6d6798615c07f232131bbfec8eb6cc064bcfcaf0
SHA512

c69184af23d41be16b6e580d148e5118933954068347326ebeba0c9f1df6211c440c572e3327156bf0725b94b306cea9f8093a010d883074597c347bea7cbce6
SSDEEP

49152:E/QVU1YbmZyv97xNRMoPcDjUXkvK7d0vWtn3Uwf2Ulw3zyD6/kD+qwUWPYFG:E/1kN7/RMCCwXkvK7d0Uw3zyecD+UgOG

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd7b7e1b4ebdec50440f283c307e4ec0

Files

fd7b7e1b4ebdec50440f283c307e4ec0
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 341KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 30KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 97KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ