27e8ddbc9534d6aa80e1a9a136da739a | Triage

Sharing

General

Target

27e8ddbc9534d6aa80e1a9a136da739a
Size

1.6MB
MD5

27e8ddbc9534d6aa80e1a9a136da739a
SHA1

d8d6a9dd1d411a96951cc73965e619a0dcb4e780
SHA256

5d20438c3cda927169cc2c651e5d5da09c2e135a959d1a7205248ae3d98eeef5
SHA512

32f6306bd2eabdd92799ca06c60d129c5c6e14f98eafe0a5bda4f2ba7c439ea970ec0b946ea39c9a9c496564b6d63170f566edb34d3fac343e229aa3fd0eb929
SSDEEP

49152:ppwGJMNFog2T7S97A21pIV6paI6ekqyLAg:p2hqTkItIIV

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27e8ddbc9534d6aa80e1a9a136da739a

Files

27e8ddbc9534d6aa80e1a9a136da739a
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 217KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.3MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE