ca8b3b999987d9c535b44c15d78c08c0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca8b3b999987d9c535b44c15d78c08c0
Size

4.7MB
MD5

ca8b3b999987d9c535b44c15d78c08c0
SHA1

f568d8480798ad379651f331f3a9c2b7a93125fd
SHA256

1815055f4328363f3f7a0407633b5799aea761bc6e34b110f038c8f312dda7b5
SHA512

0fffb05d244c9c380460d4f5298d70f272949da0c1963eb4369a35b5079d9cddc5632ba3f20f7fd580455a059c08833515f8f550547df0dc36cc3f62b2d0d91c
SSDEEP

98304:8n4wbVljebdvQvhiLqdJgNi8VUu7hpY9xqE40IfIrLCjDrDd33Cvd/t:84swKiCf8UxqE4bfXXZ3CF

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca8b3b999987d9c535b44c15d78c08c0

Files

ca8b3b999987d9c535b44c15d78c08c0
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 423KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.7MB - Virtual size: 25.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 594KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE