ca729d27e8c10669d3823300a3d7fa5a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca729d27e8c10669d3823300a3d7fa5a
Size

3.6MB
MD5

ca729d27e8c10669d3823300a3d7fa5a
SHA1

b125f2da6ec8ef79669c0a25a559cb7d4d0abe79
SHA256

7dc7f273f2b3d7531efd4e38dfec1907f5000ca699303bf1efbcf33c7bbee270
SHA512

2237f0a22891d0a7727d9d0fb8852d1e809cb38bca4976b31d6ff382138af6a81652f3803ddc0004e26d26ce1eac59f864975e61d2f5f5fcd3cf22cfe6eb246b
SSDEEP

98304:WWHCRgDl8QttGpLsb33wXW1nsEu13LHPSEiQQszRW3f:FiRAl8cUpLOiW1nsEu1TPSEzRFW3f

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca729d27e8c10669d3823300a3d7fa5a

Files

ca729d27e8c10669d3823300a3d7fa5a
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 425KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 14B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ