4b43c1413185ab650e6791a3d4f27fa0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b43c1413185ab650e6791a3d4f27fa0
Size

2.6MB
MD5

4b43c1413185ab650e6791a3d4f27fa0
SHA1

6e7056615ab989ff6b188265b36a9d8deb0c6242
SHA256

f00e89ba893106ebaeb817dddcc20008cee78fed98615d03f6ef27bb0d9c52a2
SHA512

4668006cfe1bde3fdd5d684f622e3267845fd3220bb51598dffc54cf975a8928799273aafb10d324a5b1cc86c7bab4670babef87b0e6144e252b0171e9a624a8
SSDEEP

49152:vDGNWk7K9LH6zXVVABeFEsPcEzs2U0vmqO8aU5JNnw:qskO5azlVAMF5GrGNw

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b43c1413185ab650e6791a3d4f27fa0

Files

4b43c1413185ab650e6791a3d4f27fa0
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 4KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE