7148c6409ebae046634185db81c022c4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7148c6409ebae046634185db81c022c4
Size

6.0MB
MD5

7148c6409ebae046634185db81c022c4
SHA1

03006c4c176ba063859bb15297071d2f820cea19
SHA256

6b60499a4795c0a473b7b34cb937dfccec0921c567ed0ed5019bf9db10a03585
SHA512

430923fd9e09eb21a8293e89d8ec31364dafcf9b26f945c5e92075d2a9d79b9aa2983bd644451c3c2ab3ca6fbb856e3c8be051398c97588c864f98161fdd1e92
SSDEEP

98304:6Tt0xQ3bU1sEwclnTvDuMHqB+Ba8iKl2UQiq5TLX3qqT95Di56bs2qyFSCay1wD7:IEQ3bIsEXeU2QqJqePDiI1QC1wSiH

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7148c6409ebae046634185db81c022c4

Files

7148c6409ebae046634185db81c022c4
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 41KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 585B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 9.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ