77c19a8feace35d1edc28a10d41391f5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

77c19a8feace35d1edc28a10d41391f5
Size

715KB
MD5

77c19a8feace35d1edc28a10d41391f5
SHA1

f885220efa919f7c09978986d2ee8f935d58bead
SHA256

6b28e644575e43a178a5a4af826a7a9e2a17cb60cc67224fa60ac627ac46d109
SHA512

7deb11c9b63434869322f8e2043a2426c7cb7fe478505cb6e41e4e7ab69d96d33a6f28649ff22bca74e64480cda1f0b12560f8f09c6fb15e0e10cf703eed0e85
SSDEEP

12288:mzOB3Uz+7w127p/Q8mEPXn9+Hjf6Sx201XypaGW3:mzOB37E1BkP8DiK201iMGW3

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77c19a8feace35d1edc28a10d41391f5

Files

77c19a8feace35d1edc28a10d41391f5
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 45KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 16KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 33B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1017KB - Virtual size: 1017KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ