6ae3498cb9a5ba2b89861ecd5af12627 | Triage

Sharing

General

Target

6ae3498cb9a5ba2b89861ecd5af12627
Size

12.4MB
MD5

6ae3498cb9a5ba2b89861ecd5af12627
SHA1

274f104b6115ede9bf664ba7a82862dc35808bba
SHA256

fab22062cd6dca945108eec308117d1f61776f165a589b0dc40631e853f54739
SHA512

4523fae5e13f8a23afd0b2a1ee905ac6714b2f2c52892c807d3ee3cc8065a41ff1f8c3a70e34c19c32737b11e6228c3ecdf394e5fbe0b24b3894398785558bef
SSDEEP

196608:pFYCPzfo99IAREBpvabnMxoVu1AQLC00atf/V85x8ew1Gfp4q/J4iylWCpmKLQgU:dPro99IACv7r1Jkav4xigxJ/clW3gs9

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

6ae3498cb9a5ba2b89861ecd5af12627

Files

6ae3498cb9a5ba2b89861ecd5af12627
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 109KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 38KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 18.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 12.0MB - Virtual size: 12.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ