6883139082ae5f18123970e533055eed40203e52eab16a4946d923b2c0f942e0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6883139082ae5f18123970e533055eed40203e52eab16a4946d923b2c0f942e0
Size

2.4MB
MD5

cb8f5147c5e83f96926d5663f0e6aebf
SHA1

89cf61125f8b0a3282e5d5d229390c709d2c2336
SHA256

6883139082ae5f18123970e533055eed40203e52eab16a4946d923b2c0f942e0
SHA512

5043cd24a4fcc60e782d33c5422bd733c012bc8a4049450055814d9b0ff100ea5a454281ac9d5e85a5b74754f866861d754b452b576e5aa6e8ce68f3917322c0
SSDEEP

49152:tnJwLEXCi0nZa3gkrI/Q7S9iyQ7/ZZMqj3RHwyxMG7wQJ:3aowX/Qe9iyQFZMqjB3xMGkO

Score

10^/10

themida

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6883139082ae5f18123970e533055eed40203e52eab16a4946d923b2c0f942e0

Files

6883139082ae5f18123970e533055eed40203e52eab16a4946d923b2c0f942e0
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 133KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ