cc93834a88f3c4ce756c48e28c7b5b82 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cc93834a88f3c4ce756c48e28c7b5b82
Size

22.4MB
MD5

cc93834a88f3c4ce756c48e28c7b5b82
SHA1

d91e11b9eae661b2b4a65707cd129690ae57d97f
SHA256

d16811d4a60db58fcab088a635dff32d1a2500072490184b968fac3a131bf21a
SHA512

29b837273baebe5b6b15e288e02152b9e3ac57671e11b22ef0c5acb456c66a633da8d35449b22c2fc46433f75ac221ddb9946a99762290c1c00cd404ea7f7ba2
SSDEEP

393216:Fbu8YuQ9bhdxM+m67o+xfn33z0XLCGTi1cGqG++sZj+xmz7lY9w8V:Fbu/uQ9b7xMFOvzsmchX+sZj+xmz7lY

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc93834a88f3c4ce756c48e28c7b5b82

Files

cc93834a88f3c4ce756c48e28c7b5b82
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 701B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 30.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 19.5MB - Virtual size: 19.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ