b4eb88e946cc6b92ef8c9e9f77e822e8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b4eb88e946cc6b92ef8c9e9f77e822e8
Size

4.5MB
MD5

b4eb88e946cc6b92ef8c9e9f77e822e8
SHA1

9c8836384cc9112d67ff772d95e08d98874b32da
SHA256

906bc54650ce09ddf456fd36c511b90d8c1ff41c0e0e6c7bf08037ff8d020e8d
SHA512

8178ef7e6b6a62aff5152cde0fbb700f67471cf9f579d37ce99dc145a65788c71cfe3cc76aeaf63c8e6bcb965583cd7e1fe460314be0c5a2cab5ab95af0522d9
SSDEEP

98304:ZRV8MLmO4aHRZZUrL5hGOmCY0GUPthV4dyAge8w/FbraKxq+:ZDdLHDWDqk7VEjgxw4Kxq+

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4eb88e946cc6b92ef8c9e9f77e822e8

Files

b4eb88e946cc6b92ef8c9e9f77e822e8
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 45KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 575B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ