c85b3c63e8abc7111f33ab4813bb4591 | Triage

Sharing

General

Target

c85b3c63e8abc7111f33ab4813bb4591
Size

113KB
MD5

c85b3c63e8abc7111f33ab4813bb4591
SHA1

66632cd73033381cbc5e67e98a0367025737a955
SHA256

dd7a5381baa18d62bbc3ef9d9b9ecb83690d6fa31eb07ba822c170b12168df6f
SHA512

644cb48ab7efe6acda619332227e82eef4892f0ca63d944ed10b34ebdcc7f8d9069e69eb6484e96ca0a090fdc35e3250a14da517148ab7e62a285b2729b12941
SSDEEP

3072:2R7dw5hwVkrZWG4tyk3Z7LmgSITWDAWRf:2R7dq+GZ94cS6gYv

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c85b3c63e8abc7111f33ab4813bb4591

Files

c85b3c63e8abc7111f33ab4813bb4591
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE