5bf95db87ac253ddb38965a9591a504e175e3f99e5b74576558c7ec657cdf5d7 | Triage

Sharing

General

Target

5bf95db87ac253ddb38965a9591a504e175e3f99e5b74576558c7ec657cdf5d7
Size

7.8MB
MD5

f2eeb93bbee51c6e4292dfd44c60e870
SHA1

5dcd7e95062e7c5a83f10aba2289d775c8049c5b
SHA256

5bf95db87ac253ddb38965a9591a504e175e3f99e5b74576558c7ec657cdf5d7
SHA512

a5dfc17e9617dd3b2ddfa086c787af08a37a2574310dd846889519253d6b84ff6b25932bb61d45f5f58076da7e9a327d51d9c77fe0d7b989a1e4173988eae5f4
SSDEEP

196608:T7Ox3nmhcm0+hUzw041EcdoYmQ4FZZlguX:TaxWhcX+hp1xdHqguX

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bf95db87ac253ddb38965a9591a504e175e3f99e5b74576558c7ec657cdf5d7

Files

5bf95db87ac253ddb38965a9591a504e175e3f99e5b74576558c7ec657cdf5d7
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 54KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 13KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE