15dbc954cd4f54abc55486ef11375fa6 | Triage

Sharing

General

Target

15dbc954cd4f54abc55486ef11375fa6
Size

25.5MB
MD5

15dbc954cd4f54abc55486ef11375fa6
SHA1

c671fac7354974f482b9852dfbd4c9204782f317
SHA256

1e71f322863511ac34ab0013f3740b1921a9756f4b326d2184a8f6159e61ccff
SHA512

f4988c3fe2d18cff76dd869e65c60b06c9943f88c92f29807ff6e29044f3a166e7b3c582793e1c1a56bb3e98e6c51edc85458ef809825fd694f15fec3bcf46ba
SSDEEP

786432:XLtc+xXgVxnovLYeLV1yhoyVOvgWWv7S4:5cUI49xHyQJ4

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

15dbc954cd4f54abc55486ef11375fa6

Files

15dbc954cd4f54abc55486ef11375fa6
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 109KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 53KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 41.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 25.2MB - Virtual size: 25.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ