fc6f4dc0cafb9d15c2b2b67548363d6928b797d9831e1062d4591abd57d88137 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fc6f4dc0cafb9d15c2b2b67548363d6928b797d9831e1062d4591abd57d88137
Size

558KB
MD5

edfde6aa7fd6123415b528ffcc438308
SHA1

1da117b9b603cf8fae45953a2a80fe86a6f9f520
SHA256

fc6f4dc0cafb9d15c2b2b67548363d6928b797d9831e1062d4591abd57d88137
SHA512

4a68ca56cbf52aaa865e121a8ec8eaa630cf29371407b76a0502c5662c6b2b25d10b17dcbe0bb5fa0c7705b33a5df326c90bc34be208eee87984827986457f77
SSDEEP

12288:/2INYQWtmlHXwWAI1KYHDYgXYu9+jFQFlQhqxC:pGQUgHLAuKVIYM+puPc

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc6f4dc0cafb9d15c2b2b67548363d6928b797d9831e1062d4591abd57d88137

Files

fc6f4dc0cafb9d15c2b2b67548363d6928b797d9831e1062d4591abd57d88137
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 340KB - Virtual size: 685KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 44KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 24KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ