985e51767054f0cb6d3f2ddf393d4658 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

985e51767054f0cb6d3f2ddf393d4658
Size

4.2MB
MD5

985e51767054f0cb6d3f2ddf393d4658
SHA1

263f3b05585544789d14852fa22c53e9296f3bac
SHA256

8229dedf9ebf15849f8fa290fdefe71403e2b455af34acdcc748d21decf43107
SHA512

5fe8279b14df4cfa31b70e4141252138e9d319c24b6d10a2dd4e1aba4d4574b00cc67400ae5c0192b3bf373cb426d2daf2fcf35413b749be4b847fc5d029c1cf
SSDEEP

98304:mQKp4LyiUY2sfLMQdh5dXwHrJuQOavsqp4RzepGl9rtlfT:/5yY7LMWfdgHVBOB04R6wttxT

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
985e51767054f0cb6d3f2ddf393d4658

Files

985e51767054f0cb6d3f2ddf393d4658
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 414KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.3MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE