64ae14150712bae3317679e496d7be60 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64ae14150712bae3317679e496d7be60
Size

3.3MB
MD5

64ae14150712bae3317679e496d7be60
SHA1

0dc4c6fe74ba427395161cbbdd69c21687bd12df
SHA256

6faaf00dba4c15194069724dddd0d59e5e62217ebdac5d04644cc68dcfcbb751
SHA512

0d99c001015dd34b5f32c6da967ea2dd540cb38bc0287c7b70d1090c58ad619ad10b8f9e3c0a03b24b71fa750c4e3b34f926bd5397c1d7a13eaad6a349cd2624
SSDEEP

98304:QsXWxQVyw3mw2/fjDxYbbJLkxRgvBbKpdL:XMQgmc/ffGlLZvM

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64ae14150712bae3317679e496d7be60

Files

64ae14150712bae3317679e496d7be60
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 42KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ