21a6b157720ee960c75dca177b4acabd | Triage

Sharing

General

Target

21a6b157720ee960c75dca177b4acabd
Size

555KB
MD5

21a6b157720ee960c75dca177b4acabd
SHA1

b76688ab4acadf58ff2914d5945d28b114e4946e
SHA256

f4328bae17d499c70c898684e6616f7fd3de0a6e4a5efb3460f3be127487d4c3
SHA512

17fe490f83e42045f35c09ee98dfb613db816eed589f493a8a5cd3f6fedabe32b13ce7ed1e7d23d178f693221fb8b13990637cf753f94e5ff15455d8e99dbbf1
SSDEEP

12288:D4OHKT5XnCESz2582yvBHKIvzxpzulu1rP1RNd0QNh0t/qKIdHJ3:lqT9Cfz2fyVlpzulu1rP1RNd45qKIdp

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21a6b157720ee960c75dca177b4acabd

Files

21a6b157720ee960c75dca177b4acabd
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 58KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 491KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE