01ffc6dd2d54ebc6e37a7760ed07ce7f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01ffc6dd2d54ebc6e37a7760ed07ce7f
Size

5.7MB
MD5

01ffc6dd2d54ebc6e37a7760ed07ce7f
SHA1

57106934d585633f37df17c746956826409bedd3
SHA256

34405aa5a14de0d6ccd864827f1c6b1a5e65284cb71e29bc396ddaa27bbc6d2b
SHA512

8423074623dc8c7c294e4ca4df3b41cd2e680766627859872ff67ca4b89ccb2d6c6c677471252eba5f8730ca659ec3efebaa15bf48eb7aca2c200a1f79094e56
SSDEEP

98304:3bjFAgQ3g2ev/INMYOaf6UgWU5qa6iyMl7b323hB77QzF7UPSqh0iFl:rj+g125GipI6iyKf677YiKqhLl

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01ffc6dd2d54ebc6e37a7760ed07ce7f

Files

01ffc6dd2d54ebc6e37a7760ed07ce7f
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 41KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 580B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ