009f26058559d954ab92d16bef42f0df | Triage

Sharing

Copy URL Twitter E-mail

General

Target

009f26058559d954ab92d16bef42f0df
Size

2.1MB
MD5

009f26058559d954ab92d16bef42f0df
SHA1

0f170125b12a2bd20100931e91133e7a7395cd71
SHA256

dc390cc6bda9ff6d1c209ca47a32dfab30b3e4d7e71d09b9a15d69accb99483f
SHA512

5adffc0fa5b9adaa8953930d346099ec292c07dff60aadb9e1e9f73e0023469b626043df66895bdf7d8dbb2aa9aae6cc9b100ca094982aaa7158ae83576f8b4b
SSDEEP

49152:XGK99P4x9Bj27xQFXxKaTtyL4K8J0Q+ve+MMk:XGKTwl04JtyDI0BexL

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
009f26058559d954ab92d16bef42f0df

Files

009f26058559d954ab92d16bef42f0df
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 22KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 631KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE