8cc0f9bcc2dd088cfb98fbf216188909f6d2c2cce14ef60a756dc7bc89f1c2f6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8cc0f9bcc2dd088cfb98fbf216188909f6d2c2cce14ef60a756dc7bc89f1c2f6
Size

3.0MB
MD5

224102c1f18f67b9e4b86db3767a5196
SHA1

27d3d7f0ec0ba5c9e1e745d233cf64b2ac1abc5b
SHA256

8cc0f9bcc2dd088cfb98fbf216188909f6d2c2cce14ef60a756dc7bc89f1c2f6
SHA512

d64600225f01309c6861374c76f69e2c078aeb556987ff3c32b28e23896aff79323b17320617ddceed6cb1ad2d136e5e317d91a015910ebe2a96de3d926cda21
SSDEEP

98304:mS2qku6bW4P0U2dXZJFpKEvu9RRG7VPAC8buuR4o:tiHZPGHnpKeQRG7NJI4o

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8cc0f9bcc2dd088cfb98fbf216188909f6d2c2cce14ef60a756dc7bc89f1c2f6

Files

8cc0f9bcc2dd088cfb98fbf216188909f6d2c2cce14ef60a756dc7bc89f1c2f6
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 988B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 39B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 227B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 267B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 54B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ