28fcd08f4e6606bad8aef5a85b56997d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28fcd08f4e6606bad8aef5a85b56997d
Size

963KB
MD5

28fcd08f4e6606bad8aef5a85b56997d
SHA1

39c7f8e6583b2f4cbbef6e02d18fb2e8d51e0227
SHA256

8d222a9d688b455223d18676af9ec9a6d69453498852b7eafe567bb707c75c95
SHA512

63f46c00ff70a69fb1dc0a8368ee72067f72a0d078a2d8888e6be798fe674bfc9ad158b8964d1c21da4f9a7bcf4bf24917f975a4d65df5e91f72cb44a153a231
SSDEEP

24576:Il3ibJ7QkyJ5Jfolv84pcgsCe4QXHU6vkA:+kQkaZYyTU6

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28fcd08f4e6606bad8aef5a85b56997d

Files

28fcd08f4e6606bad8aef5a85b56997d
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 229KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 593KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE