0cd6d5fef0b100059834b6f2b492597d | Triage

Sharing

General

Target

0cd6d5fef0b100059834b6f2b492597d
Size

3.0MB
MD5

0cd6d5fef0b100059834b6f2b492597d
SHA1

10d63e8bf2f3f25191f3e8139ac6e8a2c30b187c
SHA256

1f5159e7246406a35d7862837266d3a26a7d03c1d4ff2761095df19dce24ef7a
SHA512

d056e78a8a7dd1a7c54961d5750904458e3f31e1904e03a8e99f0c4cc8164dbccf2ad72c878cda8e1404ee6af2683fe6bdee7d73d0cc268fcc92f01f0e50f843
SSDEEP

49152:JNJGa5tRBoOjr0yrbPKkwq4bFAAQXr9fwdKM4R1enI4H4abHxO0as4ZRMm2v7RQ9:hXR+0rXbPl4J/Q5foKM4KnInoH8jRZR5

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cd6d5fef0b100059834b6f2b492597d

Files

0cd6d5fef0b100059834b6f2b492597d
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 41KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 581B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ