a1b4521cbbf26a4f9ebf647b6ac3abfa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a1b4521cbbf26a4f9ebf647b6ac3abfa
Size

5.7MB
MD5

a1b4521cbbf26a4f9ebf647b6ac3abfa
SHA1

89e7703400944d0ca733e5ba7d22af122ab083fd
SHA256

c44a5e189d36adea1d40d3a61817b8381c0b7f200c7a700d2842e93f6e485282
SHA512

d6c22421336bf4f4f0ef395588ed0a59560953e9d9dc682f55d432de369be2cdbbf1a04dbf105f2a26a5f760c76d201ff7e388a501eff88a34304e01c226317e
SSDEEP

98304:YJFzGInPuWHDEUnRAgQPNL6fmODfW2gESACTfj/9GyVZM:6GInPuWHDXRAgCNLk1DfuESAenZM

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1b4521cbbf26a4f9ebf647b6ac3abfa

Files

a1b4521cbbf26a4f9ebf647b6ac3abfa
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 432KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.8MB - Virtual size: 14.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.5MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE