0343d0149232d7257b50d4e806b24c7e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0343d0149232d7257b50d4e806b24c7e
Size

18.9MB
MD5

0343d0149232d7257b50d4e806b24c7e
SHA1

c8728bb3478381dfe60c4d20125f6c905a4338da
SHA256

4cd6c71014f456ad8896ddc0967504226f73ecbf2cd6d74519ab1481c748b577
SHA512

f6bcba8c236903f38d1e3fc55a8374f672351568aa2de3ee6b85d12f3bc6e20662cf32b0f85afad848099b21f96c1c45f5a2f1cefa677e8f92284eaafde3b20d
SSDEEP

393216:TKt2dL+LU3MpxNsvls+zbRHTHJZInDrHdXuDWash4Mpuus3c2:TKgULbevlDprJennHRashXpuLs2

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack002/Assistant.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Assistant.exe

Files

0343d0149232d7257b50d4e806b24c7e
.rar
System.Mechanic.Pro.10.8.3.51/Assistant.rar
.rar
Assistant.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 292KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 637KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
System.Mechanic.Pro.10.8.3.51/lorddownload.reg
System.Mechanic.Pro.10.8.3.51/readme.txt