8b2464dc6ca4d985648a9f789189f231 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8b2464dc6ca4d985648a9f789189f231
Size

3.2MB
MD5

8b2464dc6ca4d985648a9f789189f231
SHA1

40a0142bb8adf998b40633dfe9cb3c54f86f2034
SHA256

007c895f9b557ac4c9e269d7eecbd18cfadb6da52af796eb974a6d9b460acd43
SHA512

9e5e1edf11f71436273dc5fea2825122185e1ce64f41664327963060b5b4444dff5b2407c7e8c5e9797b5d023a43e25e77b42b1fe8761f7e02caa20cb44edf71
SSDEEP

49152:KYMh56AU8FNgba8wG39+T4jO7zwiCr5t8FNio/cuEzpINJP5qfhsg8Zr:Kth56AU0P8wG39xPiCNt8f/JPQ5sVZr

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b2464dc6ca4d985648a9f789189f231

Files

8b2464dc6ca4d985648a9f789189f231
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 268KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 287B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ