d78bf4ca657d3b9195a0494c63a86179 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d78bf4ca657d3b9195a0494c63a86179
Size

6.0MB
MD5

d78bf4ca657d3b9195a0494c63a86179
SHA1

6abfa8ad074be0b43c6cf69278330437aeedfaac
SHA256

74688cc7107f3628a7b3c715b6b85d3a5a76cee87501c4ef4193077657671704
SHA512

1405f45f41a3a4d2839789cde34066588508d6c4e1a7b72d9fa3f4051078ccd93e469262799c5def3c6b5258977a5ec262a1554e8d4f3cbbedf33924cfaa8efd
SSDEEP

98304:SMnngQPUqulOPRH4Ny0T6xh+USna8f14Yp+QYd2v+Tg1hHE1k1+USnUXLDojEXqH:SMngQPjpZz+USnVftIQYd211E1s+USnx

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d78bf4ca657d3b9195a0494c63a86179

Files

d78bf4ca657d3b9195a0494c63a86179
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 460KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.0MB - Virtual size: 21.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 546KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE