4237ffc34f5bbbf439dca3a6f061d097 | Triage

Sharing

General

Target

4237ffc34f5bbbf439dca3a6f061d097
Size

1.6MB
MD5

4237ffc34f5bbbf439dca3a6f061d097
SHA1

c3ce44e17b256c104007da7c04e5fe42a6bd9695
SHA256

818f85629a2e0b946c4c74fa70e767679f0561d28dc2f2e987cfc4734f5de197
SHA512

c70b3c924e9c109823bfddd741ef9d562d0262e3dcee7256ae7c7b32ad8561c07ab8650be28630df7ccdad86b842d701047d2f9a7f9a7f079ed19e1fd1bb00dc
SSDEEP

49152:P19y0UyneQT4Y+P1clhnfklgRso9gKgH:P1fUyl8Yg1W9klgRsoeHH

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4237ffc34f5bbbf439dca3a6f061d097

Files

4237ffc34f5bbbf439dca3a6f061d097
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 935KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 623KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE