78c6c248044ecbc905497c6abb0dfd9a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

78c6c248044ecbc905497c6abb0dfd9a
Size

3.3MB
MD5

78c6c248044ecbc905497c6abb0dfd9a
SHA1

5f9f1cceae7e1f7a65e79ce7a05822519ef1771b
SHA256

b39c671bcf6655f80a1dcf0c81cbbcac065ca52645a1706d4bb7f103798923e3
SHA512

253786df94a9cc5817401943a60880667c94f09ee3f1c02fbe2c31fabee449bc748a4646e34712c98f20c2914a23d0f4a39c9dce2ec9db704335c6682c4d3c8e
SSDEEP

98304:KGthWyF8eIDyCzrmg633QAKFrzsLwhRYwE1kfIo/t1TA:phWzDDzre3QAKNbYwjIo/t+

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78c6c248044ecbc905497c6abb0dfd9a

Files

78c6c248044ecbc905497c6abb0dfd9a
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 142KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ