4c59296301e9abfc15b9e06d9f67bf77 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c59296301e9abfc15b9e06d9f67bf77
Size

4.9MB
MD5

4c59296301e9abfc15b9e06d9f67bf77
SHA1

a79f1adf1b2c8248426b7e1eef3332e2971c4d57
SHA256

29ee2b8505ce558c2b9a39be7371aaeb2946d1119774efe1ce817071796dd265
SHA512

cc7f8a692491191e927a87fe07eb32f60b9ec6c16ecfb321c0449a26079c5b774e0b2b5c08a7393ff9fc544fad9b3e4b90c30dac64d2afb033a3ed4df33310db
SSDEEP

98304:sCSPjAYECgdLNvQfmH7vXsLDwMHkFSjUI8QBQ6:sC0WvQfAD/SjUaQ6

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c59296301e9abfc15b9e06d9f67bf77

Files

4c59296301e9abfc15b9e06d9f67bf77
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 14KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE