21a3834ec6d51ba3426b21c6fda50146e7e6d0ba774fcd03917f722ef33235dd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21a3834ec6d51ba3426b21c6fda50146e7e6d0ba774fcd03917f722ef33235dd
Size

2.8MB
MD5

c39e6fb2e7b5e7f7dfea506505c0a5de
SHA1

035e3c0fc9aa1e91e57ee9a005f0e2b326dcbef6
SHA256

21a3834ec6d51ba3426b21c6fda50146e7e6d0ba774fcd03917f722ef33235dd
SHA512

b414443ef08bc84cfa5c48e5b7b441cf1bbb254ac0396bbb7cfb3f42f4ebee2161b3316b44c736fe1b5a80d5ef94b7828169eecf74cfeac0347df58b90c3e39f
SSDEEP

49152:ngLCT8zNPlFmxUfa6WwJCya35KGMLwc1Y2gqiu4WMLg6K3:gOIzNPqsFMQt91DjlMgz

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21a3834ec6d51ba3426b21c6fda50146e7e6d0ba774fcd03917f722ef33235dd

Files

21a3834ec6d51ba3426b21c6fda50146e7e6d0ba774fcd03917f722ef33235dd
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 97KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 191KB - Virtual size: 519KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ