c11f8c00e49341af48bc4e3249afacf7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c11f8c00e49341af48bc4e3249afacf7
Size

3.1MB
MD5

c11f8c00e49341af48bc4e3249afacf7
SHA1

beceb601b11a7de46eea8da8df4ff4b60e9813c3
SHA256

e845cc5f7d6fb0905ef4a901ff455fb3edde0daba847f9d21532e7992aaa5a1d
SHA512

c459b43d1fb9579f8f94664bfcdf26c116748b4bf1c605630f89a9428c7a6a6bee5b679335989e50196ebdaba4c4dc0597c68ad2b3a0707eff3e1e87231fa655
SSDEEP

98304:Rq49ahyMv9fIacYp+QhQZbvqGSd6tjENqLG+OJ:7Mv9AarIQgqG26SX+OJ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c11f8c00e49341af48bc4e3249afacf7

Files

c11f8c00e49341af48bc4e3249afacf7
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 539KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 12.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE