389d13c6710e1210d5d7371bfbb134cb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

389d13c6710e1210d5d7371bfbb134cb
Size

2.0MB
MD5

389d13c6710e1210d5d7371bfbb134cb
SHA1

a7a45b688bb63131e162ee4eb75e3eb197196472
SHA256

3f3c4fd72bd8e91634585e4e11df8b5581ec1082700093239f009e7f10159ceb
SHA512

b71c9ca3f06d9c1068aba58c4559be2615bcdca28339d049da2f43ab42689e300de0cbbcf71cfbfb0fc22e7b5b30291de660dd17666cdadda7309702459671d0
SSDEEP

49152:wZ63d/bVK5rR4IbHh0vH1pAUlBNYzT1ecww0G9NA8:x3h52rf6koBKWwRA8

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
389d13c6710e1210d5d7371bfbb134cb

Files

389d13c6710e1210d5d7371bfbb134cb
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 36KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 584KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE