7ef5074ac63c82742fb48ff546ea775b86c384be0d496c35ed777c45ebe2ecaa | Triage

Sharing

General

Target

7ef5074ac63c82742fb48ff546ea775b86c384be0d496c35ed777c45ebe2ecaa
Size

558KB
MD5

86362949f14efda78e4f468efb9313c4
SHA1

08f97201b7fd8f04293a08aebd97e1e01a4fe932
SHA256

7ef5074ac63c82742fb48ff546ea775b86c384be0d496c35ed777c45ebe2ecaa
SHA512

f736724b068abc62968a1ab8177ecc9e5138a2f342ef78f104c9e0a0d6c4409b54c9b9e9e3bbd378785d214bc89cc95ce066de43a27c8098225459c0d4ed77ac
SSDEEP

12288:/2INYQWtmlHXwWAI1KYHDYgXYu9+jFQFlQhqx8:pGQUgHLAuKVIYM+puPO

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ef5074ac63c82742fb48ff546ea775b86c384be0d496c35ed777c45ebe2ecaa

Files

7ef5074ac63c82742fb48ff546ea775b86c384be0d496c35ed777c45ebe2ecaa
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 340KB - Virtual size: 685KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 44KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 24KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ