36b2289fd85e4b93baba3f1a59673abb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36b2289fd85e4b93baba3f1a59673abb
Size

4.7MB
MD5

36b2289fd85e4b93baba3f1a59673abb
SHA1

ea991a1f41183cca1afe33b6e02691d209966815
SHA256

53c72ac2e075b775f52634cfd7c2ccca9e09d4a93d4aa8b6c07b3dd486e8393c
SHA512

a151e106388ad7208dbdf7432c02cf250b2266bba5687fcb1fdb7400a88a88fea854306b5dbd734db7fc165604ccedb6d905c3a54286d1a9dc3b1e8e09e9bc9a
SSDEEP

98304:wnJbZkbVlAjgowqcYvCYIWA8wDNOryU8Ejy0Quz/u:w5ZkBligow/+A8wDNO1830vz/u

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36b2289fd85e4b93baba3f1a59673abb

Files

36b2289fd85e4b93baba3f1a59673abb
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 439KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.2MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.1MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE