39a2cfd12bfcc22134f9ddd55b2bd509 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39a2cfd12bfcc22134f9ddd55b2bd509
Size

3.1MB
MD5

39a2cfd12bfcc22134f9ddd55b2bd509
SHA1

6ecd0e9aec9f48dd7832eec73df43fffcb9e3778
SHA256

193a3781a1ef4092c412405f5eac73bea2316d47928f22502f3a3ad7a443125a
SHA512

56982e5c150ad00ae2a865e9a8281f443576df81369d9dfb380a5b4903df6569412d902ee7a4d5c1f04dd7a36807e7da438536193d060f49b83bb9368c458fbb
SSDEEP

49152:hlmnz8P/QjpIO3Dei1ADedFAo1TaXd2zdl0IIe+ni2G6uhVGUJ4O052B0:hlm46p4XMFAUetAbNani2G6CVfJ4O0Y0

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39a2cfd12bfcc22134f9ddd55b2bd509

Files

39a2cfd12bfcc22134f9ddd55b2bd509
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 38KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l2
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ