44e519ef1cdf43b7f6c4f191e8946d18 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44e519ef1cdf43b7f6c4f191e8946d18
Size

926KB
MD5

44e519ef1cdf43b7f6c4f191e8946d18
SHA1

8cbb171e45157e0f53ef117b270dd6d75b299c84
SHA256

8f757c1858daa7314ef8f6ab8e268a0f27f2a0edd2a881ee764495d531fcf7aa
SHA512

be130e3eba6eacafeae5cd3c8441f3a6696e469cddc53ca354c060a16badbb3c4fc8fcbdc3140a0a07fc4aa6e2ba53bf5a1093d8db00d546418548aa354f3b0c
SSDEEP

24576:Kk8wfBn9EiwpSk5GL8poyNXYof0k9VruERVotvJosOF:Kk8iB9IpvNxn9ROtvJnOF

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44e519ef1cdf43b7f6c4f191e8946d18

Files

44e519ef1cdf43b7f6c4f191e8946d18
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 28KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 239KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 653KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE