72a673800fa60df6c2cbce0c8645c80b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

72a673800fa60df6c2cbce0c8645c80b
Size

2.8MB
MD5

72a673800fa60df6c2cbce0c8645c80b
SHA1

4d8eec5ce088c6f26f2370170c3ce709a4cc1316
SHA256

16c0b65a160e6f7348bc9daa221661a500320a66c650269eb4ee9029bde708f7
SHA512

18c4fdb2924a7188f183c52fde4c816294cbc19d66ddf51179105f9b4d56a996bf708749c6b4d0ae266269551ec017ad1c7dfeda40b9440ce87d176ba31a9bc7
SSDEEP

49152:lEGKFhotZSo990h5pM78yX/YG5hDkz3wLG2pcV6vysMtqr7UelbrKYOQuR:1KrWZSCyh3M4yX/YgDkwt46vStw7UewH

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72a673800fa60df6c2cbce0c8645c80b

Files

72a673800fa60df6c2cbce0c8645c80b
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 43KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ