16ac2eddeeacc44e1fd1af16a304d25a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16ac2eddeeacc44e1fd1af16a304d25a
Size

3.2MB
MD5

16ac2eddeeacc44e1fd1af16a304d25a
SHA1

250c5d4d3a849ab7ab61605056f01c4023aaf933
SHA256

740656544dd93d70ce22ad34af69091d9535ecdee1eb1d6678c0f0a4ae135c8e
SHA512

7811c9b3e2ad13a7755baf6161b43a931079e9203adbcd75e9302b7d1b9de1652d06e11bfa59cc3eb578bbaaa5dcb54cf2e1b969861d257b3ee2bd6d23765bdc
SSDEEP

49152:RYms6XMPAGgeUv/GnjTRY4ijLmSkpRSjqgj5a4QCot3AyZkFiGCqCiJsZ7l:RYl6XMbjlY5mSkp2mJCoiIEiYE7l

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16ac2eddeeacc44e1fd1af16a304d25a

Files

16ac2eddeeacc44e1fd1af16a304d25a
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 267KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 287B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ