5aa6fcff274f1973e93fc48509fcc36ea6fa1e99cf00796d87607fc231c0a6af | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5aa6fcff274f1973e93fc48509fcc36ea6fa1e99cf00796d87607fc231c0a6af
Size

5.7MB
MD5

eb4cce36f906ebe0abe3850ecfe2f7d0
SHA1

5044e81985b1d69a0710d9ae7e2e04cba7b880e6
SHA256

5aa6fcff274f1973e93fc48509fcc36ea6fa1e99cf00796d87607fc231c0a6af
SHA512

29e8bdc66544ba698156358ca134820b0fb943fdbb2c7b7d1afac98d7435e5a3f9be4c21ff6def4382b1b700dc19c211965b59e6f4a9a6a32992e70add80c509
SSDEEP

98304:pHIEMLphbhiPUdQf++MtsB0ShMrUC4daP3HOBh9EWOO+4sYrqg9CpDLId3UF00e+:pVM1F0Pwsv6UCw0eBhqWl+jYega/sUFb

Score

10^/10

themida

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5aa6fcff274f1973e93fc48509fcc36ea6fa1e99cf00796d87607fc231c0a6af

Files

5aa6fcff274f1973e93fc48509fcc36ea6fa1e99cf00796d87607fc231c0a6af
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 491KB - Virtual size: 968KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 449KB - Virtual size: 591KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 68KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 21KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 7.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ