0976777165ba1d0a18ef9c08c0442352 | Triage

Sharing

General

Target

0976777165ba1d0a18ef9c08c0442352
Size

6.3MB
MD5

0976777165ba1d0a18ef9c08c0442352
SHA1

fb258d967c7e4d07f0b9cde274cedc4c382174bd
SHA256

e5bebaf23742c65d7aafe75077c439a9757f99fa5810057a97dd3e1bbd6e091e
SHA512

960cda9f1979e73a86eaf65116623c726d879484c6b3b3999f0c9d4741bf69ee6faa07e0fbe1d6ee4feebdd0d84105a0927ed583401d45044aaf6b9343d0705f
SSDEEP

98304:gJ34K8qiqtRxni6UCa29PdjnpU9OtHvXflm0Mq/LlxGBO61c1Zf8QvuCK6FPE20m:bK8qbtR0xC3VDpUC9MdO6MZk6+OE20

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0976777165ba1d0a18ef9c08c0442352

Files

0976777165ba1d0a18ef9c08c0442352
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 416KB - Virtual size: 855KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 880KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 32KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ