2bf9d61bdcfd0abfb600183b1533d932 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2bf9d61bdcfd0abfb600183b1533d932
Size

4.7MB
MD5

2bf9d61bdcfd0abfb600183b1533d932
SHA1

5d11bcbcb3bfe6b1b42a67d02957fd6de93e510e
SHA256

5f6e9db49d64078b076f5fe679f601c3e7cff49f2d541e87976ab632f51ce695
SHA512

79cfd9a55e33b4733193fc2e383dec3c70c590e6cfd7a442fb4f8cf12a25838231e4e170e9350cbe76bca86d784d8493c539f9eb114a10e4824041da821e0eee
SSDEEP

98304:tZI7XDB1CWzhf7B1fqewiLEfyuHOcs5eIOhr5VBqfRJIDMauNf32P3R7:tGR1CWzhDB1fqZiLEfyuM5uhkRJIz7

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bf9d61bdcfd0abfb600183b1533d932

Files

2bf9d61bdcfd0abfb600183b1533d932
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 39KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 583B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ