c85906532d3513e2ed2bd81f86f125b2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c85906532d3513e2ed2bd81f86f125b2
Size

5.1MB
MD5

c85906532d3513e2ed2bd81f86f125b2
SHA1

dca4ee750bd9a6245695817c6e7eddb109f93e1e
SHA256

a3dce59c38289647a6526e2b78ff9cd4bff8a84f4f238e0aa88869234a9191bc
SHA512

33603e87e1e569ad58ee10ac9324fa2ef00dbacfac18e0f114e9643b198c970332b140baf043e6db7f54e609b512937a7b4ac7812cc95d55458b35a70a987c47
SSDEEP

98304:7Ii6LdVW6Dc2nRMjZtkRFUl70uE1o/mAICvbh/9RZJlEXon2hWZDKtRLUDL9y:kLdVW6DNMj+40hoaCdx4p8AeDo

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c85906532d3513e2ed2bd81f86f125b2

Files

c85906532d3513e2ed2bd81f86f125b2
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 45KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 581B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ