25ac5976e92608cafb4f8efeeca8ad1b | Triage

Sharing

General

Target

25ac5976e92608cafb4f8efeeca8ad1b
Size

3.2MB
MD5

25ac5976e92608cafb4f8efeeca8ad1b
SHA1

8e0d635855c83a3a002b07941474dd6d77cc3872
SHA256

3eda9b49c6e96a7f5f621f17e9f6dc8fa92c0000cbceba83f120ff649728078d
SHA512

cbbb8022cfb1adef341a3497312a59c2151dbeaeec8ff35d61cd65b4e20a8633fed4b554df108b7516b1510bfe2abd95b0bb704d8c1ab7b79b03147e7e850d33
SSDEEP

98304:hNGbx465ZuDsmgfoMi033NCNMj8FX4WKaTkye:hNGbN+smgRiYCNMhaTkye

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25ac5976e92608cafb4f8efeeca8ad1b

Files

25ac5976e92608cafb4f8efeeca8ad1b
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 19KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 724KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 39KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ