b4f299e72ba84098d24f661af14ac257 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b4f299e72ba84098d24f661af14ac257
Size

1.5MB
MD5

b4f299e72ba84098d24f661af14ac257
SHA1

9b104d77bf6191413fbd9bd50a38b4f3febdde68
SHA256

eaf8fb9a457c1150ccabb928e2e3a34cd7fbbf9c90ad60cd7ec0735c294fd8ec
SHA512

d855e803c0a47f3bb0487ed0fd90c33f744990f845169d1d952f404da63d4c84376a034dca2e45329357b87df9f31fc952318c3e8e85a00d86938bf9d1c7d02a
SSDEEP

24576:3amCYnpQz4kQWP8vRW4dYVODK1pP9MTDu32KCLIXoKf70N0MTqkvEucIkHI/WkJN:3mF3YvRWsweuP9M3umBLGo0PQcIv4n2p

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4f299e72ba84098d24f661af14ac257

Files

b4f299e72ba84098d24f661af14ac257
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 536KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 713KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 864KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE