208ee235debf8bd400509a2a5680343b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

208ee235debf8bd400509a2a5680343b
Size

1.2MB
MD5

208ee235debf8bd400509a2a5680343b
SHA1

a8cdac83bb60ed8c029f1e177edb9305df5e3fed
SHA256

1edb22f7fb2a6b51c7ff1f9e3372858394c9ca5359ff0f3fddcb655017632d1d
SHA512

d41df5f2d484f9c4a1f78a44692f101abc32d94c3a3d870d226ae168972b0165279de5ebf36d50df20ec76cba4b5f9b8b7334748a13c45938f438119f1796bfe
SSDEEP

24576:sbtK8WZO5YnpLC32bJtUHkUrnJwG7JyCR5iVsq2:K08YOupLLjU/37J3RO2

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
208ee235debf8bd400509a2a5680343b

Files

208ee235debf8bd400509a2a5680343b
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 6KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.1MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE