520f01fcec3a246e5e8d9ae67e0d3f64 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

520f01fcec3a246e5e8d9ae67e0d3f64
Size

632KB
MD5

520f01fcec3a246e5e8d9ae67e0d3f64
SHA1

409fc82a9a3e58d9664fab60f748204663a29c68
SHA256

157d81649eb712b36769888635550c8991a54e2a0ed67e1bccd1f6de035eddc5
SHA512

bbcbe905a7732b82e36dde4e677781e4b89657edb9f7010e0a46f85d97aa37f6d6d21c64a5b6dc6a778ef846b53785c0f9c3c4db3ac0d38b3cf3651b6d68b70e
SSDEEP

12288:iz0eD75BmdsJJax4hMDeKVyBzPBrl2V2r0810sOI7Cxgw2wWn6V126b:izxD76dsJbKG2V2r081zOGugwvWn6V1X

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
520f01fcec3a246e5e8d9ae67e0d3f64

Files

520f01fcec3a246e5e8d9ae67e0d3f64
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 3KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 591KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE