18c8f4022544bf2251e8b95555fa4a3e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

18c8f4022544bf2251e8b95555fa4a3e
Size

6.1MB
MD5

18c8f4022544bf2251e8b95555fa4a3e
SHA1

8348c4b785c767887b2ce18dc9b1c62141cb6396
SHA256

72bda43e879bb6258c83bf71b99a1c6b088b7fa6b147c473ebc5005383e5a3d6
SHA512

adc22cdab7ea8e35ab54ba494d669aea105aa1ad49d47fad3fb07ce8daee567d44da6745c40c28ad631e669e485bd78cbc63db90fd7c397d52120b1d376b9378
SSDEEP

98304:3D2M2pgaPhhWSgYiAZFvMO5evocJ6SQFiv6ci/f69Cr4MnbI6LyHgZVKck0zAjDC:z2Fph/Wj5w5eVGFiDgZLEgnKcRAvdcd

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18c8f4022544bf2251e8b95555fa4a3e

Files

18c8f4022544bf2251e8b95555fa4a3e
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 41KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 583B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 9.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ