c6ecd48b03f25af945a51c42a2e39aa8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c6ecd48b03f25af945a51c42a2e39aa8
Size

1.9MB
MD5

c6ecd48b03f25af945a51c42a2e39aa8
SHA1

b3264d3e3b2ae735d02996c0e6012dfb5aa82334
SHA256

bb0bf0cc2e2187c4a3f6e80c665348b72e3293748f293ba482dd10d32d7ce0e6
SHA512

971dd5008958e155f7cfe9354789ea97dcd055fd24c498b095c76ffe1ca704e37d0842cb9be4e4eb8a1a478702a64039440c6a18b60475c54c5df32c625a47b9
SSDEEP

49152:t7guAm8PuQu5M99yAKvuUOJtfiCdC32W0GF16:JEm4up5ogGXJxCJ5

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6ecd48b03f25af945a51c42a2e39aa8

Files

c6ecd48b03f25af945a51c42a2e39aa8
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 31KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 323KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.3MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE