11cbc79d9b29cf9c995ed16cc679cac8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11cbc79d9b29cf9c995ed16cc679cac8
Size

944KB
MD5

11cbc79d9b29cf9c995ed16cc679cac8
SHA1

f5f5e914814f596aa88be9c8379f96632bef3e72
SHA256

261df3c9a6eeb59897d7c80e1be00e836394a1ff87fdc1f7a35ff55187414861
SHA512

55717a2946cb5131bf2611b846a9ce9d1dbe1208e9301fda80a2e4cab4f0dd2bbb9508030e9764b208d3c650d16a444a4e7dba2e489af396beebfbe86a9ec87d
SSDEEP

24576:6IJLVhsFu/uE0pEUjHL6nVbg0uft0peLRB2+r4PE:6IfKpnDX6nV80KWULD2

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11cbc79d9b29cf9c995ed16cc679cac8

Files

11cbc79d9b29cf9c995ed16cc679cac8
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 40KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 860KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE