64efda5bdaceba32fa036badf27d03af | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64efda5bdaceba32fa036badf27d03af
Size

3.3MB
MD5

64efda5bdaceba32fa036badf27d03af
SHA1

3367bab25a75ba0b29e114a5dc3f613dee343d7a
SHA256

08fc27e5d8c45157980bb936278813a56f4a50b6362be03b950b0eaf8cc9abff
SHA512

2bcd94efffdcf499add58000d264c9801cfee1d777ca7e5d50581f8641b4109dc1357188d68501cab33e956bddab598c7c6f0a103be5ffef94cabed826ab27b5
SSDEEP

98304:ezTyMHJjpzcI1YOZtKIHLfU4l2bFBEsgOHlBurk:e6MHjhYk7rfbl2Qo

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64efda5bdaceba32fa036badf27d03af

Files

64efda5bdaceba32fa036badf27d03af
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 104KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 16KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ