b87652b3c122a5a75fe01100e607b503 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b87652b3c122a5a75fe01100e607b503
Size

41KB
MD5

b87652b3c122a5a75fe01100e607b503
SHA1

6028700b9ea428a4c0dd9e0450691fccf833a693
SHA256

ca895d37616c6deb070d02a572304a6b00635823a3cd27d880ffaaebf9f7dd98
SHA512

1ff51810045ec6533370bc06537d6c58a8540004af5ed241b06cd385ccfd4b6d905c07febce4b38db5a1dc55027cc04685ae2f6da9df53032af6ee9649252527
SSDEEP

384:5MnAYvL3XG+3N+pCiq5E1uVoYKDGh67Pr3eIx4J9aE5bYEp0OkIHwwu3pqd05ZYK:YR7Xr3r5m5biNnb55pcpqm5ZYlM/aT6

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b87652b3c122a5a75fe01100e607b503

Files

b87652b3c122a5a75fe01100e607b503
.exe windows:4 windows x86 arch:x86

ffbad6a66af21567244405eff2348c33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DispatchMessageW
GetMessageW
PostThreadMessageW

msvcrt

raise
signal
atol
strlen
exit

kernel32

GetTickCount
FormatMessageA
LocalFree
GetComputerNameA
GetFileSize
_lclose
GetModuleHandleA
OpenFile
_lread

Sections

.code
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Themida
Size: 23KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ