298ebaa10cf1817a51caa09186d8a09e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

298ebaa10cf1817a51caa09186d8a09e
Size

717KB
MD5

298ebaa10cf1817a51caa09186d8a09e
SHA1

918876d5186b3b095662723934f2b6cdb7f619d8
SHA256

4d94411fb8c5b48ac228b4e61b207d871dd66e75346f69364552b8187f124c49
SHA512

7bebb932c2aab79df71922bc253c6ef740c654fc8c50d3ce96c366095cd315f375b6a0ce0ba530e5d84b216b435be2f61084512ce767749ca5e5451df74e45fd
SSDEEP

12288:dnPN8cP8Fc9qTikm8CRaGp3J6DE3Q6u96Gl+C+JNofy4tfzYSzEDN6:p8Iq1EaGNJui9w+3oqSE6

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
298ebaa10cf1817a51caa09186d8a09e

Files

298ebaa10cf1817a51caa09186d8a09e
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 27KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 261KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 424KB - Virtual size: 992KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE