ac072bf0c662d6d0e8f5326dd8612143 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ac072bf0c662d6d0e8f5326dd8612143
Size

6.5MB
MD5

ac072bf0c662d6d0e8f5326dd8612143
SHA1

2efbd7e359d6309cf13128dcec1d751a44e0d01a
SHA256

f7331f33cd654401bdf7b6cb68c008a2a9d9c02daee77588344275ded89535f9
SHA512

2401f435c20797b8621876155fb7685ccc4e9e033fa0f9f9712cfe02c32829f8f037689991c194046f78f859ebe18b080723bfa9b46b582287d9f52f2a0b9a8b
SSDEEP

196608:u4RTD3utrbSKt5h1ua9f+g31qRWO/FQv/yB7:uyA+Ktr1lGm1qRWOtQHyx

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac072bf0c662d6d0e8f5326dd8612143

Files

ac072bf0c662d6d0e8f5326dd8612143
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 41KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 583B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ