44201675635b177e79ac606d9166f484 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44201675635b177e79ac606d9166f484
Size

3.2MB
MD5

44201675635b177e79ac606d9166f484
SHA1

836615303072249fa3f0820edaea68f3c69f9deb
SHA256

a66e907bd27dcf90663bd0295c087e929ef9f211b011a9a0c484dcdfd02aa6e0
SHA512

c69eb804814f4b505df83958f812fe244d0e6fd81bd362a58a4558f0f5553bd21b23a3d7e5f4b31c83822b5e8692732e5c8e8e0e5d5eecb0293d93d5005e81dd
SSDEEP

49152:MZ7dGtIyUTzewVVRBYMHQ55uugbWsDSlOjGFzPMNu70XEiQtSJaDpn697iPq8JAm:CdGtIyUfbTHO/g7GF7AX7QUJjUitm

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44201675635b177e79ac606d9166f484

Files

44201675635b177e79ac606d9166f484
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 152KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 10KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ