96e862f2761aaf68c34fca6cec4fcda2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96e862f2761aaf68c34fca6cec4fcda2
Size

2.7MB
MD5

96e862f2761aaf68c34fca6cec4fcda2
SHA1

f866c25f3f25eb98b4bd97a964016d161626af17
SHA256

5c87a5866e193b348a3af0ec3703f721fe3f35595fe313ae9aab99069ad3feab
SHA512

21fa47e9b255354441e76c81d8b95928542f127e58da514888ea5a272d1ed2077a7e88250cdb14efed05888f94932e74899137830ac6dbcbdf1c4e3342d74429
SSDEEP

49152:7b2Ayt8Ek5WZnjWAIWSfEHcqSFryCio/pzW4oykBqUcxU/ivwZPWP0:n2Ay7kIj38vprW4KBqFU/6wZo0

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96e862f2761aaf68c34fca6cec4fcda2

Files

96e862f2761aaf68c34fca6cec4fcda2
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 296KB - Virtual size: 570KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 40KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 22KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ