0da037129d115851227eb3d1b9aae657 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0da037129d115851227eb3d1b9aae657
Size

897KB
MD5

0da037129d115851227eb3d1b9aae657
SHA1

5a760a0e368ca0febfacab99ebfac5a0533449db
SHA256

4838ae6df83444536b55f05edae1a5f1cb32c42ca4de4e1efc44a6cdbb777945
SHA512

af80170ed4f9a65b9194e4a13f4f6447c0749570ae1785d6d5c133342e03407a593dd0a80b74749151ef1609294b09af55a261b170175d3623c75dcb3f47ea88
SSDEEP

12288:vXlvDedsfBLeJOfY2R90PVg+9wQ5q33PgCI3k/GPArLIp/lTtSTH2KXv6HW0r:v1vCdsleJOfZRimVeqnw+GTrtM3Xv6

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0da037129d115851227eb3d1b9aae657

Files

0da037129d115851227eb3d1b9aae657
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 287KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 597KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE