6bd099cd94c644f8749527b9787a7a2c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6bd099cd94c644f8749527b9787a7a2c
Size

851KB
MD5

6bd099cd94c644f8749527b9787a7a2c
SHA1

3ab95fcc534ae4b16b02ba0bc1e89c6e40732606
SHA256

791dd8350b3f5ebce6c5642ede00873bfa713ee84cec37913a5f104257eb6eed
SHA512

eb699af9ba1d265e9eedebcf7edcb1a96d2d76fa6a6d1c15a3270ea0c331ac7da0fdfa8fe8c8cd5fffaa19989da5b8586d3a7e628236f0897e065af84f1a518b
SSDEEP

12288:viGeeXz1NXH2vx6+nwed05qjqNoczwBWpDNLpyMUjnM2Kso/8Wp90vSeclCp9r:PnXzfktm5fqccBW5/ynnM5syzeSeclM

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6bd099cd94c644f8749527b9787a7a2c

Files

6bd099cd94c644f8749527b9787a7a2c
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 78KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pseudo
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 614KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE