2d48d77e7b08e52fbdc5da13d776f857 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d48d77e7b08e52fbdc5da13d776f857
Size

584KB
MD5

2d48d77e7b08e52fbdc5da13d776f857
SHA1

23ad64d9053126e67beecdc8e985c1a62b1caacb
SHA256

8863b5204f45cffbaf2621ffc8b3d8c5ae5717ddfe67ea72f1cc7d8b9d95a907
SHA512

5a45a64e09e391f575bc3c2e181dcd4238ee995bf14fedc8ddddfa145a5d676520e1e6fc855315d6a2ebdc43896cb857af40a9af9795ae43742fc37d05e0a4e5
SSDEEP

12288:utZexz6wdmJUeTBpD+93Y4TFIL+YB1y7Xmaha2Fqv6Er:uHexzxdmae9pAzk1yjmahLwvx

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d48d77e7b08e52fbdc5da13d776f857

Files

2d48d77e7b08e52fbdc5da13d776f857
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 16KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 563KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE