59625233a68f0ca95afb6d734ef978bf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

59625233a68f0ca95afb6d734ef978bf
Size

850KB
MD5

59625233a68f0ca95afb6d734ef978bf
SHA1

32ee64b48b215b747015a9b1ed6c5f28314ed8b9
SHA256

6b9df9fed567617e8537c60f3107355f9e21b684d47d113f4a6cf11d187ac9b3
SHA512

246ccc3ecd1954bf635f32cacef0d1642613829d4b7b16656391ba63ce7ebba6c1ac080761b6ae336ecc04bbb1c2b505036744f4402e76518f6ab50805284307
SSDEEP

24576:4PwWX2SsJI/vF2Z6ChhCvGreyhUtX29f+nK1QArE:S+SXvmF3CENh0Opr

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59625233a68f0ca95afb6d734ef978bf

Files

59625233a68f0ca95afb6d734ef978bf
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 219KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 617KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE