cb75519bfd8af4af352f2dfdcc96dd2e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cb75519bfd8af4af352f2dfdcc96dd2e
Size

6.4MB
MD5

cb75519bfd8af4af352f2dfdcc96dd2e
SHA1

6dab516aafc42de4fec85b1a0c3e94b24c2e382c
SHA256

0f80de497eb6d44b7056cdbfa9a417dbd38b7edee76507dc8e332b54ff0f47e1
SHA512

ae9cce2b01c4b79e6825226756996d5c2ed4d977e9ac6c4aaa5f173854882baa3951dc074103d8d422b16a33c8f4d68324a7a4d5186d6c288b83e9d62c49dcfc
SSDEEP

196608:I7AyvCtgMzWiogFDDYKHeWEhnij765B/veqFVmwKcy6/h:xwVMzEYDsKvanijWp/mrQp

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb75519bfd8af4af352f2dfdcc96dd2e

Files

cb75519bfd8af4af352f2dfdcc96dd2e
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 41KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 578B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ