738d4d21839f227f7bd9b30d732a88c0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

738d4d21839f227f7bd9b30d732a88c0
Size

623KB
MD5

738d4d21839f227f7bd9b30d732a88c0
SHA1

d6d23d3b505ca78824392c10af5a444fa05f2387
SHA256

ddd9a798c7ec0055358d7bb6ea1fda4261ea20c3cf6e14a16e07c913940ea6a5
SHA512

1cf475c0a5588249d7f2d69821693c75dd888a2e7c22807f31102e0f0b5bc338e12ea99038b4c242f1a89b1c1905701a90dafff7cbfae2cd43486a50abbf11b9
SSDEEP

12288:bkjJ70TkG8DBfwlh4tk9Lh4fz1zbf4vZmCf5JUaE3f0PQc:uJ70OBE4OD1Zb5JUaE3f0n

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
738d4d21839f227f7bd9b30d732a88c0

Files

738d4d21839f227f7bd9b30d732a88c0
.exe .ps1 windows:1 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 605KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE