8c9b0fd73f047b2243f46b0ac4efa9d5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c9b0fd73f047b2243f46b0ac4efa9d5
Size

3.9MB
MD5

8c9b0fd73f047b2243f46b0ac4efa9d5
SHA1

be534bc2323c32067df20ecfd4cd2d61ca5f766e
SHA256

583c189b3d8bc98c7a9e22ba2ad1fce8210222fa636287f8fa3fd7b291cd778c
SHA512

cd4c1ee1e1144cf244d7623d971e51a6bd6bb6f9c7c3a8e2cb4b0482d508a2e2c09b9c303f8b0cfe821761beca8e19c34a9a1357770214390ecf8203b2b52d0f
SSDEEP

49152:B+RSCa8HEYbMMM6KnJjp/S9kVAUrIbgXMT41KVEwqZ6R5Tjut9dPbMx9/Rd0CTyP:B+HjMMMVnJj1kkVl8s4htgXoB//2ju

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c9b0fd73f047b2243f46b0ac4efa9d5

Files

8c9b0fd73f047b2243f46b0ac4efa9d5
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 707KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ