18ee0a2a9dbb74066cf25c2c3d1972b1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

18ee0a2a9dbb74066cf25c2c3d1972b1
Size

4.3MB
MD5

18ee0a2a9dbb74066cf25c2c3d1972b1
SHA1

34bb0bc712a461b19621197e7430d16d52fb25f0
SHA256

e8aefa6fe99a435f8aa1e312d85c2b6271705ed3f901c9ee3544b36b020dbadc
SHA512

3aaddca69a2e6b77f40f1f587280b5f4359ad6b7dffe70bad7af9420e76dbdaba512682b1884d314c9cdfa88a563c1ed178bad31c0905e6c1ebdbfedac62b319
SSDEEP

98304:Ja+LHy1L/v1zyyeFZtpRdy2hSweihAwnh3npoKL9FYL0KTKIbkU:Ja+LHWDvByyePDRgZ8Rh3npx9y/WIL

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18ee0a2a9dbb74066cf25c2c3d1972b1

Files

18ee0a2a9dbb74066cf25c2c3d1972b1
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 41KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 577B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ