2061feb985897b5fa560ec5b0526ce9f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2061feb985897b5fa560ec5b0526ce9f
Size

3.2MB
MD5

2061feb985897b5fa560ec5b0526ce9f
SHA1

d6a7f6b0bdad9541fa72941e3d7b63614dabb30d
SHA256

71797392bef994ffc6153f015b7915e258aea92fe72445909e85d9709bf8aafc
SHA512

e1b8e260a6e148014b768c646217ac995a5023ec39374a12fa5ad093f557a64f8d79ad0d27e98237d38af1cf51814b27201222e03c6c62526efb3858d19b6926
SSDEEP

98304:yJyI5QYo2Vzywcrv7pkCbNAIzJGkXC8/q:iyI5QYpElRxjl9XC

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2061feb985897b5fa560ec5b0526ce9f

Files

2061feb985897b5fa560ec5b0526ce9f
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 498KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 11.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.3MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE