cbf70c6be1bb5bf63986ab0795ca815f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cbf70c6be1bb5bf63986ab0795ca815f
Size

5.3MB
MD5

cbf70c6be1bb5bf63986ab0795ca815f
SHA1

247c14a6cd2f44edb0ecb753b8ffbe19b5ce8243
SHA256

a4fb09c0602168217d892fad982b47489afa72de04614838c3bda36c4ffd85eb
SHA512

456516acf88fd371de8314fc481d5783c454ec9b6bd713810c3c86be4d7975e6486044e7932a4958257548d448b44377bd43e71a95ec3b6cdde6264bdf6ec174
SSDEEP

98304:Ifux2QdnHbcRKWZjPUkNINNzfExTsB7JSzjDZ/ghL7u9rFmDEcPFaOv4qHV/LYUh:IildIRTjPW/LExw+bRghL7u9rQl464qz

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cbf70c6be1bb5bf63986ab0795ca815f

Files

cbf70c6be1bb5bf63986ab0795ca815f
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 32KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ