0d1248894ef2e21ff5816a3e8f18bc5a | Triage

Sharing

General

Target

0d1248894ef2e21ff5816a3e8f18bc5a
Size

67KB
MD5

0d1248894ef2e21ff5816a3e8f18bc5a
SHA1

f2b5090e5f8080b17f7c03a9c09dcdc2ca7d19fc
SHA256

e25337c8a17ff846009276d630e30b3a295b5cc0e79de1e744d93831beb65411
SHA512

428cd27c784ff614f724e6ef5a96326b93029f9e840195f11157a0a93782c7684810708bb0a36fec77bf4cf3d19842c6a3811724b59fea192882f2138375abea
SSDEEP

1536:Q79O2QhVrrmVzEkCXOkbvvJZVdMyaYPvW1VegDdeG2TQRxTDCvHEg:Q7chVPuzGbXJDd2gvsVJmTUxTDYN

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d1248894ef2e21ff5816a3e8f18bc5a

Files

0d1248894ef2e21ff5816a3e8f18bc5a
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 681KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 761KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE