71d62f05f40a349362050b89d198d0a5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

71d62f05f40a349362050b89d198d0a5
Size

1.3MB
MD5

71d62f05f40a349362050b89d198d0a5
SHA1

5c20fdbd50c7f938115d8ace00c7c84b7d6fb406
SHA256

d3a86a36674e759c63e3e36d8735dd4c2ca69f636c2518596825ff0e5994619e
SHA512

bad6d3656018453d8b5c1aeac00bff3ee66aa12d5d8f0799b2bf9709620d4aaa22782c774b2f74122e6179ab1af458e0de7e7148dc5176bfefeda0c0cc28737d
SSDEEP

24576:o5dvnfVS/sK7O0j9qL6aoFNhnVj59kZYHERe8Ldd+avSAqXMG5FmxsK:ornk/sCO0j9G6jVj5q1R7waawGzm2K

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71d62f05f40a349362050b89d198d0a5

Files

71d62f05f40a349362050b89d198d0a5
.exe windows:4 windows x86 arch:x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Sections

Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE