0650bafebb36a9f4b237b55f7a229715 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0650bafebb36a9f4b237b55f7a229715
Size

904KB
MD5

0650bafebb36a9f4b237b55f7a229715
SHA1

0db01c33483100654033fc746d8f22e1af8d06e5
SHA256

aae8a78b750de963259e670ff6b639649b18af74addef22c865081ab027c948e
SHA512

8cdd5ec5904fb7b0d35b1d061e15cfc71d5ca540a8c8af83d00b25294ff8c933dd5732421cde235a8465693fff88d6aaa193f513199c02477777a390bff7afc9
SSDEEP

24576:kMMNbEbY1CDtDeS/Zmg7hY0MzA92utT3bGswYcP5G/:kMMNbEbY1CDbLWAT3bQA/

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0650bafebb36a9f4b237b55f7a229715

Files

0650bafebb36a9f4b237b55f7a229715
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 228KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 644KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE