2501be1e02db917304a8b1d3bffd55f5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2501be1e02db917304a8b1d3bffd55f5
Size

2.1MB
MD5

2501be1e02db917304a8b1d3bffd55f5
SHA1

4c93386f8666edead31ece051ec19358836a5034
SHA256

d3081771c2a87a6f5c94a8250992f904a7ee5298857f2c3e3348e01baa1cfa26
SHA512

723685c7d75b83e402c40de27b9cefe186c39ad29d31613ffafbdf9e4f2d5caf0567d485dafd9eaf2255070636d8088073281b0c78dee2ddf5bd0a6ec4750ea3
SSDEEP

49152:zxxxp31H85DCEGGi2XjFoA33XcJ1HxT9c35QUNVw:lzpVEG6xoAsbxTOQUNm

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2501be1e02db917304a8b1d3bffd55f5

Files

2501be1e02db917304a8b1d3bffd55f5
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 791KB - Virtual size: 792KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE