0631b82f2295ce87c1c215faaa504168 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0631b82f2295ce87c1c215faaa504168
Size

832KB
MD5

0631b82f2295ce87c1c215faaa504168
SHA1

ff00581a9533574049e437f1bd198c9b78acea61
SHA256

8fe2986571d9217f3699fea94ee7225ea792a2134c125e084d7e6955fdfaf3de
SHA512

a13e4d16a0f72d372b9353a1ed152be6a42cb946a08117a12146941adf1e5e6c5a0821e6099620e61faefb26588af157ac9d17985c40be7fb1afdb3feababde0
SSDEEP

24576:t/3shxtiZRcdapm4sYtlgueFAHNBTNpBR7DD5:RsvtiZRcdapmA8uM2Zj

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0631b82f2295ce87c1c215faaa504168

Files

0631b82f2295ce87c1c215faaa504168
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 228KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 584KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE