051a3b2e8aea784b57e9dc3c007ef2c7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

051a3b2e8aea784b57e9dc3c007ef2c7
Size

5.2MB
MD5

051a3b2e8aea784b57e9dc3c007ef2c7
SHA1

24a6a406e6fdd241d0cf169913b52a1056404d7c
SHA256

60f5ba08268ce1795c32f026e332034f519debac30373f7127d7d4700efeb83b
SHA512

0e34b16ff0d5d6e8e7ebb998b51f96edcd0e9eafdb1c11e6b0c882690c144ae3fa879e81690c2037601b5b2f3b752584b1be349da124ec7eee27e82ec1902637
SSDEEP

98304:C10Q7qxbVlubFwBJVrlZL9mPPYY3aklSGNVzy4LG0:C10QWBlubWBJVrliPP53akl5f

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
051a3b2e8aea784b57e9dc3c007ef2c7

Files

051a3b2e8aea784b57e9dc3c007ef2c7
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 506KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.5MB - Virtual size: 15.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE