c4be87c625537edb27cc6ca04c07498f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c4be87c625537edb27cc6ca04c07498f
Size

41KB
MD5

c4be87c625537edb27cc6ca04c07498f
SHA1

314cc18633988d386506008bc70bb89c0cf01e41
SHA256

cff9aae67df424ace0aae0f1173f1489ffeae370f925998b41e103fe83d6acb4
SHA512

938887d5d8be34410f963b480b50bd9e98fac077c776efc9b90ba27bbb71714c9a16e9dc9301e6b07c88c83d14519b94bc65665846bf558b83343fdb102103ef
SSDEEP

384:pMnAYvL3XG+3N+pCiq5E1uVoYKDGh67Pr3eIx4J9aE5bYEp0OkIHwwu3pqd05ZYK:oR7Xr3r5m5biNnb55pcpqm5ZYlM/aT6

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c4be87c625537edb27cc6ca04c07498f

Files

c4be87c625537edb27cc6ca04c07498f
.exe windows:4 windows x86 arch:x86

ffbad6a66af21567244405eff2348c33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DispatchMessageW
GetMessageW
PostThreadMessageW

msvcrt

raise
signal
atol
strlen
exit

kernel32

GetTickCount
FormatMessageA
LocalFree
GetComputerNameA
GetFileSize
_lclose
GetModuleHandleA
OpenFile
_lread

Sections

.code
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Themida
Size: 23KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ