c33d0ee6f6f721dcbb08596ba6d46e5f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c33d0ee6f6f721dcbb08596ba6d46e5f
Size

4.7MB
MD5

c33d0ee6f6f721dcbb08596ba6d46e5f
SHA1

36e6ae1c84a32a1fa028288b2585a5020a658d39
SHA256

121debeca4aab09ab0bdefb2017d4be4b9b2f9f9472cb924e76df890d7f5f2fb
SHA512

966b15f86dd4ff467dffc68bae56bbaaf7bfbac80f2a6d09638d2e328f601966500923c200bd70dc92f42e81214e2809fa0d2ef3f2af5852a787ea93695e8637
SSDEEP

98304:vx/AcRqOJSQt04ayS7/mPbmfxzMu7aJL4bSp50FTP1PEf:J5qOJT04A/mPgt4NgSpyc

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c33d0ee6f6f721dcbb08596ba6d46e5f

Files

c33d0ee6f6f721dcbb08596ba6d46e5f
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 423KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.7MB - Virtual size: 25.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 575KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE