020809001cc26bc2629549c5c0949050 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

020809001cc26bc2629549c5c0949050
Size

2.9MB
MD5

020809001cc26bc2629549c5c0949050
SHA1

e9b3cf5ad42c4cc93250e399c999d633b3dea0ad
SHA256

8b2ec6e2635d6cd17f96204edc0b9356129ba90639603a532376404a2fcd910b
SHA512

05dac8576fe26880bb4c1e4aac6f46fc3aa01f24d47086b549575256681cb13c9c0524ecec6b820020ba04f47762b9c088667b0206c28aac868fc4c5d5729144
SSDEEP

49152:kQKKTOjqsFksk4pq5O0xUSnWeBnusWn/ZEGbEvxETpZNqV3GKM/yeNplw7GF:kQKNjqsFNopxZnWQnusoqfZElP23M0

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
020809001cc26bc2629549c5c0949050

Files

020809001cc26bc2629549c5c0949050
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 9.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pklstb
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.relo2
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ