ba0cfab54ad713bf90436be8f7c9d649 | Triage

Sharing

General

Target

ba0cfab54ad713bf90436be8f7c9d649
Size

5.1MB
MD5

ba0cfab54ad713bf90436be8f7c9d649
SHA1

323e0b342c32551bd568acd4d13c9abb81cb4db0
SHA256

2996c48e02d65429e74806290b02709574757df1706af126439c242fab43103c
SHA512

34b588281c94f44c99eb4c7b54997fd36dc718ae2ef5902c48d219e38086baa0ba8d39cef8c783526b88a661c47484514890de21f070728c737e8c95629e0546
SSDEEP

98304:uKVWUjpxklEBKmlLDTi0/If7ZdhJhY6s37wWNSnJSY2KbYiHqC9r0WsO:uUjwleFDT9/If7ZdzY7dNSJPtKdWs

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba0cfab54ad713bf90436be8f7c9d649

Files

ba0cfab54ad713bf90436be8f7c9d649
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 408KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.2MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 553KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE