9af9d3eef45ad6ad1154cfff8ab01bda | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9af9d3eef45ad6ad1154cfff8ab01bda
Size

1.0MB
MD5

9af9d3eef45ad6ad1154cfff8ab01bda
SHA1

fcdc62285addeeeff4970c6393d6031f58f3a3d8
SHA256

7a2f768a12dcef5a3859d3fe6c80c0d77c083b60e15244cdc50435d5dedc3c8b
SHA512

2eefdcba44a1a28ebf869d6649ac9e77bbbd26eebc7e599a38a41857572017ed7b7ca024f6d3b843f8d22ac2a5e29de9bed063689b6c48794deb3e3cc608ad11
SSDEEP

24576:Q3QrnLI0SYn+taOW5BBQeqONvDyihanqsWpiOC:+snZSrcB9+iwnLpf

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9af9d3eef45ad6ad1154cfff8ab01bda

Files

9af9d3eef45ad6ad1154cfff8ab01bda
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 247KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 758KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE