997fe63d3f7a13f0eabc340458104bd3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

997fe63d3f7a13f0eabc340458104bd3
Size

960KB
MD5

997fe63d3f7a13f0eabc340458104bd3
SHA1

1197923739eab546dd5aede8208875156bb8d925
SHA256

a9b17631e2243d9f05858446a0f4b2473440481aec89eb208ed44fe95cea5d4f
SHA512

3d89b49a7e4f4ff74a4129366f70e0f57c0091bf37786d3bbb045538edca9b416189e3639b99e2cc4466ef325269c8993e4e3eaa7c3d8f900ddeb65a64bfaacc
SSDEEP

24576:duyAiDsZVukWkw+DBf0Ew/4tTRHe5etDjbzo6:duJiDAVhfj0Eo52Dz

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
997fe63d3f7a13f0eabc340458104bd3

Files

997fe63d3f7a13f0eabc340458104bd3
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 28KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tiro
Size: 292KB - Virtual size: 292KB

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 628KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE