0796aa71cd26de38bbd3d18258c4d76d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0796aa71cd26de38bbd3d18258c4d76d
Size

1.9MB
MD5

0796aa71cd26de38bbd3d18258c4d76d
SHA1

a6365495ad84931e69c0d781441b263ba4d7745a
SHA256

6441ae8877ff7447e23c25eb0ead32fddf433a7d1673a2e1fee7d437b735d191
SHA512

2367abc4baa4315d86cf96d678d1402c268bb0d3ad2b3056a69e7ab1d156b9b88cf67c4ffa29f630f81acc23fdd38a2aeda069f912cc9856a221b21f27d24632
SSDEEP

49152:asq/jEdE/lMONnDFN8iMIsfWveDePVR1B9yuVXQy:aT/4dE/ltnDQxfWvNRoV

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0796aa71cd26de38bbd3d18258c4d76d

Files

0796aa71cd26de38bbd3d18258c4d76d
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 6KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE