8b5bf5c0d7aa5f2e2542c09c1ebbf79b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8b5bf5c0d7aa5f2e2542c09c1ebbf79b
Size

3.2MB
MD5

8b5bf5c0d7aa5f2e2542c09c1ebbf79b
SHA1

84453e9f09c67868edda61aa22086598766d7da0
SHA256

6384d74d039dd2a268a4348f8fc3e2b560db198fdfa49e9bc211e304bfd007b9
SHA512

3eb285457607646202c4a3868a26c4252f142a27f8501713e4ceb44ed11e3d4df36f3cf2754eb20f7338bb45bc0015e537e8379ca4a47b8bba54216b8de2620e
SSDEEP

49152:UeqeEdG1eZgax1fb92N10JmfeL3SJvC8BlssKtWEZpkl4DI1YO8D:ae4GwZga79RJm2bSJa8Bl7KtHoaDeGD

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b5bf5c0d7aa5f2e2542c09c1ebbf79b

Files

8b5bf5c0d7aa5f2e2542c09c1ebbf79b
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 497KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 11.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.3MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE