1feb37d48d46590fb0665b264a980289f4fd7a1c2cb2eae6c6cae7728ff7e55a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1feb37d48d46590fb0665b264a980289f4fd7a1c2cb2eae6c6cae7728ff7e55a
Size

2.9MB
MD5

e8fa6b88f2ee83cd43db86d478bb9be4
SHA1

d82d73d37825e62a38dee8a670163f641618de16
SHA256

1feb37d48d46590fb0665b264a980289f4fd7a1c2cb2eae6c6cae7728ff7e55a
SHA512

f7b4ccead9e2c80375bd7906eb3b8f0fd67e7b09a50c8c436cbf2b99ddb801835d3de877b87ce62905cb2003e1cfeb278fcd8f11e1e81a559742c7656fa1ccb7
SSDEEP

49152:2SpVqtzhBeJdtKOx8nP5IsLU8y95ySgkJW3+iPLFjO7T5w448COtCs12O5sV:2SzoPDQuSgQ+tPLFe5R48HtCez5

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1feb37d48d46590fb0665b264a980289f4fd7a1c2cb2eae6c6cae7728ff7e55a

Files

1feb37d48d46590fb0665b264a980289f4fd7a1c2cb2eae6c6cae7728ff7e55a
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 388KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 24KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 32KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ