197d3a4d2e929b90a112d45a68737c63 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

197d3a4d2e929b90a112d45a68737c63
Size

2.2MB
MD5

197d3a4d2e929b90a112d45a68737c63
SHA1

2ddd0967713b70a9ef1dfe943f6c7c3e083e3940
SHA256

15b6e58428d30f2aecb74d19d6b5d6067e4353ab338d284685c36d28fef8c079
SHA512

34d4b47c3228d33c23a05b401a8cb6427ec8c42e1efab1856118ac35216987bbea6018c81460b582d68ca38ae062f7339d94cacfd10fa7fc845483535a836e8b
SSDEEP

49152:gzG0nMoq9d3jVYgq56OYakUxPjoOkbYbIzao1BiFitBaC:gzG0MPbVYgYYakUxP8OooIWq1S

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
197d3a4d2e929b90a112d45a68737c63

Files

197d3a4d2e929b90a112d45a68737c63
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 421KB - Virtual size: 1020KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 543KB - Virtual size: 13.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE