1fa802e77af3ca26198606c9872b04d9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1fa802e77af3ca26198606c9872b04d9
Size

4.4MB
MD5

1fa802e77af3ca26198606c9872b04d9
SHA1

62ca33f1c022d475e39e2b109330f40a2e194878
SHA256

546fd7ea7d76a7344c52b1e803b9475c85f7811e850136002e2afc264744a7a8
SHA512

ebd3de7abe2afea5a1e4d15745bbeb23753cfd8adf6a60f375bb1e3feb99f8f91c2552212a8510a09aa88949f2280e5c7a85f19b2d98d8d1e37db4236aa7a150
SSDEEP

98304:R/tnAa/aQ+iWkJqk+V8YVlqr5EcIJOoPdW/e+BqE/Uf64:rnCQvpJqW8QFdUZ1WGBD

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1fa802e77af3ca26198606c9872b04d9

Files

1fa802e77af3ca26198606c9872b04d9
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 45KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 585B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ