218e353a375f445934d7d5014e4912f0 | Triage

Sharing

General

Target

218e353a375f445934d7d5014e4912f0
Size

4.7MB
MD5

218e353a375f445934d7d5014e4912f0
SHA1

870a2368994349b0c506fd2a29a168d47da65269
SHA256

142d86345c469d3fbf0468c25da1fbae4ee10ab0880f4c18be82bf822896b2c3
SHA512

9a3c1881e8b7768d65dd6a403072cf5f84bc3016d805f08a4efcdfdbecf5582517c94a9d6dde476fc8068755283902c142183f48032b7d9ddde3c07735e11bd3
SSDEEP

98304:QdqbM6oyZhFP0IsH+4IaDYp+QVj4sWgT/wp4yF4UcXCoUHUB1c7bg:QdiVo0Fcl4aEIQVMsWgTIuyF4UcXViGl

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
218e353a375f445934d7d5014e4912f0

Files

218e353a375f445934d7d5014e4912f0
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 433KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.8MB - Virtual size: 12.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 431KB - Virtual size: 1020KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE