72d64833d85ca15ea0d9661dc4d57330 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

72d64833d85ca15ea0d9661dc4d57330
Size

1.7MB
MD5

72d64833d85ca15ea0d9661dc4d57330
SHA1

98b674cdb96fb82d1dffea2933c95829b6d3a321
SHA256

c407411f812ab518eb19543227a5bbcc9ce0eeb6c458a9089b9ccde2acf8d164
SHA512

4aad178aea57c9f87fb321e8f3e99d812d80e8ace6a2c5f7d0308d57fecc397e13f2ac475509c95eca69c0d4f03196acb184da149b31f64d942f37cde1709d10
SSDEEP

49152:w9S9yzrdKLnTQ6ENB3TvbkK2wPzd+a250VqC:w9S8zQj8BNBjv4K77sa25sq

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72d64833d85ca15ea0d9661dc4d57330

Files

72d64833d85ca15ea0d9661dc4d57330
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 299KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MaskPE
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xiaohui
Size: 80B - Virtual size: 80B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.4MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE