4c84076e3d54d3d62e0ebbb8d4fca656 | Triage

Sharing

General

Target

4c84076e3d54d3d62e0ebbb8d4fca656
Size

3.0MB
MD5

4c84076e3d54d3d62e0ebbb8d4fca656
SHA1

fe6162b07f8c4ecff2c512e1328112603f936a87
SHA256

f54c4ec495618b8e4c39acc277ed61cf0f45ec5db2d434bff784b88c220c1cc8
SHA512

c9f865e0df7b2d132b8a6aab5e0062945d1b0c7e60de39d7da0d2fda59185625a0648f69b99980b9bf5d6834bd4d296e2799e670b2081884e31aeda09deb3696
SSDEEP

49152:1lNG5Be76y1Aszr0zvHjuZFEQCpmg5ujQ10JmfeL3SJvZ5AQ7sbVKWPEYBmDM3:X+TevMFLGFJm2bSJRmQeuKm

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c84076e3d54d3d62e0ebbb8d4fca656

Files

4c84076e3d54d3d62e0ebbb8d4fca656
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 497KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 11.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.1MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE