02fff96d00fce63f91693be8f4faaf4a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02fff96d00fce63f91693be8f4faaf4a
Size

5.8MB
MD5

02fff96d00fce63f91693be8f4faaf4a
SHA1

a8dbd38c97f1622169f87c16d2b70e4d232c78bb
SHA256

34ca52121a3bca1f78b529869902803e57cf04e56e1c25a14f217f74bdd80fcc
SHA512

0c18fe7afd8348dfdb4197a7ace3555896ad14a8ef949c30849143434f34285934539662bc3d29eaf689d4120adcfeedb9a47d777da66eeb17517608a07b0705
SSDEEP

98304:QYo6TcmSwyfmP1uzhTHEsDLYOf/e0J2k1cDLmfJnXv3YE/KY/ycRA0zGIImlyCKI:DcV81W1Hr4OHepk1cDSBTSQycRA0vIl8

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02fff96d00fce63f91693be8f4faaf4a

Files

02fff96d00fce63f91693be8f4faaf4a
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 230KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ