4b8f433da44ba9a01469bbe5fd5b3c04 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b8f433da44ba9a01469bbe5fd5b3c04
Size

1.2MB
MD5

4b8f433da44ba9a01469bbe5fd5b3c04
SHA1

e0f22b21f9e0c68e1aaf542d28a2550db8aedc8d
SHA256

d48d1174c46117e1d25e4ed07e8bc9e45dc7f12494c0155213a2f12ea54c10cf
SHA512

2160dee92e99bc153ec35eafe0cd3dd798c72f2c1c82febd3debfc8f7bbfde0f58d61e83beb6ea3719ad6fa01a172763afe9b0cfa072390497a9a4835448f110
SSDEEP

24576:exoVRfao3Dgy90DrxG/KxRAtgoJ3/bCDhOovxIZhX830D98S85OOX0tGDw:2obSYN90HxcCWJ3IhXIZhXK0D9WXXqG0

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b8f433da44ba9a01469bbe5fd5b3c04

Files

4b8f433da44ba9a01469bbe5fd5b3c04
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 449KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 115KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 628KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE