10d86273f53924cf9c3855f37a1315c8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

10d86273f53924cf9c3855f37a1315c8
Size

11.1MB
MD5

10d86273f53924cf9c3855f37a1315c8
SHA1

caf0e0e9736a824c2c94fdf1788edd2725045b25
SHA256

97e56e42a04118d900520aaa5345b06370ee441d8b0c7a512ece47690fc0709b
SHA512

29bbb72524b541b9f865ce57a9f7172b32a6a342b3ff27c6176e9086b729537e32ea1174f8605d026214bdcb5c3fcda67cb5ffeb56cb3ca1b46bebb1a804b2c3
SSDEEP

196608:ShNchLyc5nPaYw5+VhyxsN3k0PKcZtDWW+YctynmJgCQbbhNwaNgXR1HwkDLMdss:uchLy2PaYw4VMsjCc2W+YCy/v141HDm

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10d86273f53924cf9c3855f37a1315c8

Files

10d86273f53924cf9c3855f37a1315c8
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 7.8MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 29KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ