102322223922116321c49df10ea50978 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

102322223922116321c49df10ea50978
Size

3.4MB
MD5

102322223922116321c49df10ea50978
SHA1

dc128a9c785ba69bde4228462ea24120bc46de35
SHA256

8f96fa821418091b0e1fcc1c709977aaefec905b343764563b335db3682cd76e
SHA512

51a698646a918d0285fd4c85029baeb0b1eba2e5644461c50a4d5c26b898c94daed2c274870093cb82be8a72a0d08a61f3d4260a374a0e0aac3ae04d675a910a
SSDEEP

49152:lkz1C4N23eLYyvlFzg9/P6cCZbeWxMTEQtDwv22aIEASKmr+1HGaNLOkEFloyucP:U04fJzSyVZbigQ9wv22Mq5Ok+FucP

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
102322223922116321c49df10ea50978

Files

102322223922116321c49df10ea50978
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 638KB - Virtual size: 638KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 143KB - Virtual size: 835KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ