8869683aff5f60234904524d11e904da | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8869683aff5f60234904524d11e904da
Size

3.3MB
MD5

8869683aff5f60234904524d11e904da
SHA1

7afc6a4f16003061ce9dc686135320ca77b62958
SHA256

ec1428ab0870b6b8797581184abad617f327cc19c73ab38d0198d81940525674
SHA512

8846b06c3d6ab547ad8430281f316070ac8e414d4ce985fcf5f3c034d9b930a6df23be5cf5d878551e1af1ae8eca85db9d6dc3927e0448e2b39cd4f18afb0b0e
SSDEEP

49152:cUDRoZdR2PkWDoCUbNhvCyctC6v6DrDhkPuge3UUQMD704eg/esLqf/o2oLIKh:cUDXceonh94VQrVkevXDvegW2LIKh

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8869683aff5f60234904524d11e904da

Files

8869683aff5f60234904524d11e904da
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 267KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 292B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ