cdc6c758bc8729c435c464ad0d0102f0 | Triage

Sharing

General

Target

cdc6c758bc8729c435c464ad0d0102f0
Size

3.2MB
MD5

cdc6c758bc8729c435c464ad0d0102f0
SHA1

7683e9a28e5b62d6a8cb21de74959381935bf4ba
SHA256

f10f34c3d3e8141ac22a50b39196c4054a530c5f747ce0d473bfacf278a2a242
SHA512

d0c46098f6f2e2ece4bf9332622762eea28036e08bad080ed921de8d0485365b651b9479e4f1c40d107900e8d1f3f41daabd41678d685984bac9c5d5677fbc2b
SSDEEP

49152:e/NxdEpzW5W6KhOWo5lLwii7MQG1xW8aVOJpGWkE6Pd+63L2cIW29bV:e1xdWqKi5JwfgQ+janzHPd+G2cIW29bV

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cdc6c758bc8729c435c464ad0d0102f0

Files

cdc6c758bc8729c435c464ad0d0102f0
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 43KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 49KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ