a3e1b5924f6521bab3a620b68fb7dfa2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a3e1b5924f6521bab3a620b68fb7dfa2
Size

600KB
MD5

a3e1b5924f6521bab3a620b68fb7dfa2
SHA1

6ac6ec543dbff8452d6a91678a0de558990ad295
SHA256

c25a19521caadcb296a9674bad5e5c265eb7939659e09726bf49b6a3f7fa9f05
SHA512

c391da04092231206a140a655629cdc7787370f832b7275664ce1a984a31019b3fdedb292c6917d4d78a42959cfe83c7f8becce0e2409d14a3eb18697057953f
SSDEEP

12288:qXYATj6a/eNnWlhKfsmIcG/rbcupCUgg1HIrFNIXzdNAyKlX+IidVwIc3SqWKrm:aYg6aCnWwG/rbTk0ITIXzdNAyKh+1diq

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3e1b5924f6521bab3a620b68fb7dfa2

Files

a3e1b5924f6521bab3a620b68fb7dfa2
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 3KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 560KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE