1868b8297aa938d8918ab0ed3f619794 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1868b8297aa938d8918ab0ed3f619794
Size

2.4MB
MD5

1868b8297aa938d8918ab0ed3f619794
SHA1

2d39b73dd0d6684457587d708aabdf83a211547d
SHA256

4a6bf1668bd4c6a6c8afbcea62d489853885f492a381d0d49b9e4b96ce2fef34
SHA512

a68e455bd5d4337d7bb8f05080102460361978490bb2d824f9a6ac43a4f25325c02dd927c1284ca1972b0e41b7c027c65b1d9d7f0a821f0299adc3e7db55990d
SSDEEP

49152:/7Hz2h6v2zjbcPaSL7PSHsMdlmWLMtZQnEd9s6YvOPcEIVNeETiKjq9vA:zHiUOvb7SPYMWYtZRCxRNtTikKA

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1868b8297aa938d8918ab0ed3f619794

Files

1868b8297aa938d8918ab0ed3f619794
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 41KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 581B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ