40af577f6396da172fdf1fb4b5d5af8b | Triage

Sharing

General

Target

40af577f6396da172fdf1fb4b5d5af8b
Size

361KB
MD5

40af577f6396da172fdf1fb4b5d5af8b
SHA1

40d90f0738ff0a7bfafe1d49191ff54d25fe37a5
SHA256

f90bbecced8ad93de2b9b4b6869da46209240fc46d42bee9d9133e2c6670baf6
SHA512

379cfc7d693fa9c9d7b43e36dd127679bccfc81fd724537762199c89727b27fec18c8a16938a8038795589d7a07897ec0ae98d304b7b96a4e3b3fc8045b169c7
SSDEEP

6144:4VtHQsDog3SvM91pWbjeHKSlL7zPdxtv3shlOXPQB3V0tsoL0u83bCxHh:4VtQsDoOSk9+bjMKiVshlOXYB3V0tstW

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40af577f6396da172fdf1fb4b5d5af8b

Files

40af577f6396da172fdf1fb4b5d5af8b
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 315KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 435KB - Virtual size: 875KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 710KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE