b4dfe530089d22c131f9f4761c782722 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b4dfe530089d22c131f9f4761c782722
Size

1.0MB
MD5

b4dfe530089d22c131f9f4761c782722
SHA1

93f3ba9b63094ef64e897dcd84439d9a94b8e5cf
SHA256

b840c484342880b85169ceb8816224dfbe5a602df456da67a68b5f01b31fd92b
SHA512

5016355ee30f167f93cd4b931691c7246cfba31d4d2d19b4e3a7ddae9389dbac5340ba501ade15d30da13fc3f188ed4c65fcfc6deedb16ad47731afda45be675
SSDEEP

24576:PdrA2qM8gk8gcIjiNLIOjPgTTvkvdFrWOeIgl2mPRv9cC1X:dcgTgJWPumdBeemRCC1X

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4dfe530089d22c131f9f4761c782722

Files

b4dfe530089d22c131f9f4761c782722
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 14KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 936KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE