0c8a411c2790e966edbe9b223d333619 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c8a411c2790e966edbe9b223d333619
Size

3.8MB
MD5

0c8a411c2790e966edbe9b223d333619
SHA1

9d85982cef9451ace49e159f864822b7dc15ccba
SHA256

1fd7742b67858f0e073f36c4c05784b33e79d1fdb5cb65a4dc550b196cee456b
SHA512

60852458d00ffb4ec41e2b168b61c34db9f8946a9533de9060307a9edf8be6f4c7b40051671985575578bb3a9ec70dcc4888086eef9efcbfd68f283d9205bfe3
SSDEEP

49152:ebLZVxS+yDyaRG28zzzlt2D9YpORZYVdQFA0tRHWwpP:ebvT283zlt/2Zyui0nzP

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c8a411c2790e966edbe9b223d333619

Files

0c8a411c2790e966edbe9b223d333619
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 150KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE