a9814a3c3c47a5a7eb5ed94afcbecd9a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a9814a3c3c47a5a7eb5ed94afcbecd9a
Size

19.2MB
MD5

a9814a3c3c47a5a7eb5ed94afcbecd9a
SHA1

7c94a950f65af210b48ad2bfc2e7cf3a7b070777
SHA256

3c350fb14161b43c9354096d3dfbe834dcb364ca4f27a855940cd50e68a55002
SHA512

5662d399f1484a1894bc366c48d5ab67d771d4182aae96b1a963cb3cee0b5903eb1a9f0ecffcecc4c0f895c5de95d1e85ba6a2a0ee5c1f04e6fab7fb01928eea
SSDEEP

393216:vbjWiJn0G1penHFezhE2/BKcpbSJ9pP2zrAObequgkIXQDG56rW:jXl9X3boLObezNIrYa

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9814a3c3c47a5a7eb5ed94afcbecd9a

Files

a9814a3c3c47a5a7eb5ed94afcbecd9a
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Sections

Size: 51KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 24KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 18B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 29.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 19.2MB - Virtual size: 19.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ