c3028f7568554c0601e26f8dc7a960b1 | Triage

Sharing

General

Target

c3028f7568554c0601e26f8dc7a960b1
Size

81KB
MD5

c3028f7568554c0601e26f8dc7a960b1
SHA1

744056d3c1fe45a6831a503a0541dfb41a204a5f
SHA256

ec4e5341157140043b946a334e6c05885406a8beff0f63f81821622ed5aafc5a
SHA512

e6d52cad4f821c380d47421b0673ca041f51d8d5a0a93d13e32e7db881af9517a05acb0422830ee6f6b6672327e3a2fdf8edb19e4c1902b138429ee7673e94ac
SSDEEP

1536:CtkRQJ1yrNlHvkoc74xjDCRX5IkPSLncQ3mTHE8JCBocMjILe:CtV1yTHv3W5hPSxe3sScMj4e

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3028f7568554c0601e26f8dc7a960b1

Files

c3028f7568554c0601e26f8dc7a960b1
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 365KB - Virtual size: 884KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 19.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 944KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE