0ba9ff493b4fc29770a7287557b9e218 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ba9ff493b4fc29770a7287557b9e218
Size

3.2MB
MD5

0ba9ff493b4fc29770a7287557b9e218
SHA1

9f394bc15b444ad8eb263f04fce538b7954a4869
SHA256

f34b5661c57c1cb7122080718a62a0c1166efd2629bcbc773669bbba7cb69fd7
SHA512

34416e4c8026f3dbb054d714eb94a7af0c189eb75399a8b98a9b846e997aca65d758d2ae98b6bd607148a348df40a70c133b34f915f287fde24b536379bdc7bc
SSDEEP

49152:vjd5FqFP7J2xJCfew5lkxpg8QiR9mdhjCT3DcozOxMwgm8OQFtyL4IiULoWlHXOZ:xHq1l1mwnkfFTzcmOiwi04KLoWBXO/I

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ba9ff493b4fc29770a7287557b9e218

Files

0ba9ff493b4fc29770a7287557b9e218
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 470KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 610KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE