149eb86da727ee6e9e1a6a3d7b2de1e73e467323fe341f37723e500fe73dc933 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

149eb86da727ee6e9e1a6a3d7b2de1e73e467323fe341f37723e500fe73dc933
Size

7.0MB
MD5

ea15ecb864ee7ededad00c580e56b935
SHA1

9ec94d2ce4902c5a30709d9e7da97c8fbc78cc2a
SHA256

149eb86da727ee6e9e1a6a3d7b2de1e73e467323fe341f37723e500fe73dc933
SHA512

592f9e1c4655752e17448e71889daf4a03800903945aae2a2bdb6b400135c4a15c677d463115d8640034015c9c4e489706f2ba51fa31eb85ce9eaa84ed6511c6
SSDEEP

196608:vfIXgWbOFHFZK/dRmXHG03uqIYNxRUA5BjW4Kt:vfIIvQCGMxCu1Kt

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
149eb86da727ee6e9e1a6a3d7b2de1e73e467323fe341f37723e500fe73dc933

Files

149eb86da727ee6e9e1a6a3d7b2de1e73e467323fe341f37723e500fe73dc933
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 352KB - Virtual size: 694KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 32KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ