a1107bb43b5e3ead0d88172e65eae250 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a1107bb43b5e3ead0d88172e65eae250
Size

2.0MB
MD5

a1107bb43b5e3ead0d88172e65eae250
SHA1

e8ba92cfefab58b2a3a1aa11e83239ec61cf2808
SHA256

65ea6dd9f4986a3f414316b8be0e3ba5df495d5e041cfe9cb959c69a2116ff19
SHA512

6557f011820a0ce4686eeac6f11466c3129c757650890771634fa2a895d310104bc1a07ba829b7ae3b3dadb7e6bf029c27846fa76c3b3a7926ae96c7b2617bce
SSDEEP

24576:s93HhUDpRae1N5b4vjeVM1RaZYuPqqrKZxs+dqdXTYpatqfYEpomaRGuqCZ8:uUt3b4LQofErKTsjXTYpasNuqCZ8

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1107bb43b5e3ead0d88172e65eae250

Files

a1107bb43b5e3ead0d88172e65eae250
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 736KB - Virtual size: 736KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CCM
Size: 512B - Virtual size: 103B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pe
Size: 22B - Virtual size: 22B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE