4593f1203a45477897d00fbb6ae1879e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4593f1203a45477897d00fbb6ae1879e
Size

4.6MB
MD5

4593f1203a45477897d00fbb6ae1879e
SHA1

5127aa5c6c66b143ab18a9fe6aff77e565e4b6ce
SHA256

45a2a341e3f2c7d6c400df3d4e7ad954b8139ad1d9f25b219cc10d0a6fd3826c
SHA512

300072e39e585596b73e4e67a7ed13b7e1d14779551e4e7eaaf875cd4bdf1b42b42f1a9a4c5b1efe93a41524152935ab53dd2c3dbb2bb4a5088e97fa63da3637
SSDEEP

98304:Wxeff81Z1OxKsUHpWm1KqrU0vE6P8KtV66R7rL8vatf4Q2Ws:WxeH81Z15sUHp1Cd6pLYF3Ws

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4593f1203a45477897d00fbb6ae1879e

Files

4593f1203a45477897d00fbb6ae1879e
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 714B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ