3f96f9cfa01707677959911571efd4b9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f96f9cfa01707677959911571efd4b9
Size

3.4MB
MD5

3f96f9cfa01707677959911571efd4b9
SHA1

8f11c5ea513b28c67dcd87ea61a19ea8646ced0c
SHA256

c8726e6f4735f8c4fb73c2effcd2b18252145693b549ffb5f1e35c95e2d6f105
SHA512

dc9284f93decdaeb8a2d1ab917b7f120eca2bd463b174aa47b5d93f15305919f42f784fef5121f18a40bc261b5900621f1aec6a80c51544743088838ba7d6e84
SSDEEP

98304:F2TIPhsQ9F0C60QrmoQtm7THqM+ofCx/mJi69:OC70T/6ptm7Tp+ofq/oi69

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f96f9cfa01707677959911571efd4b9

Files

3f96f9cfa01707677959911571efd4b9
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 361KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.1MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE