b8c465b041ae01c92831b6a81edb6a0a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b8c465b041ae01c92831b6a81edb6a0a
Size

2.6MB
MD5

b8c465b041ae01c92831b6a81edb6a0a
SHA1

d0d3d61616eaf0bac7cfe1f1eebf665e12a552f8
SHA256

aafb2ec809e349d0c58f20a47ac30a3b3e3d86511eba65881c586845cd6baaea
SHA512

ce1604862f8cfe550757d9f9fdf66baaf98fceebba67668a7061f7518b5c862818146296d9ef6f5092461ac3556bbb8e110a18579b62fe5e338debf806ff722f
SSDEEP

49152:EwcRivzmZ5OXH0VORcDxak8YXVqVFhgLS9N+eXpJOfhakWa4L0MS+HY5tpHW:EwcYrSOHEDxrXVkuS9NH/+hakWaGbS+Z

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8c465b041ae01c92831b6a81edb6a0a

Files

b8c465b041ae01c92831b6a81edb6a0a
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 43KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 435B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ