99600b4a2bdadfac0216ae0f41faa0d7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

99600b4a2bdadfac0216ae0f41faa0d7
Size

3.0MB
MD5

99600b4a2bdadfac0216ae0f41faa0d7
SHA1

10c59e071ed33471c777032f737ff2e30a48d1b7
SHA256

63009ed7b553253b0868b32a68f4de6f447b3504dacb84744a63bea44ec047cd
SHA512

3347659d27c3c8c40e2ca6b7f15123ab2b666cab473d2b9a73eb2a522410100bd6719d107ee4dc1f6b47656510fed6f4bc2d194025378797c1c6a13505582bd9
SSDEEP

98304:Xo1rg9sOMoAMlwpu6s/B5gKAUGSBIN9T21:Xo1rmsOMwwpfxK2RC

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99600b4a2bdadfac0216ae0f41faa0d7

Files

99600b4a2bdadfac0216ae0f41faa0d7
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 104KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 16KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ