df1b09e92be020e864cf527ffa83e950 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df1b09e92be020e864cf527ffa83e950
Size

1.4MB
MD5

df1b09e92be020e864cf527ffa83e950
SHA1

47a1cd53ee2fc51548082c868124041196fc6ca2
SHA256

7deaab1b178dfa81c159eed337ef8013ca1ac1514dfdee785e02ec94205d0ddb
SHA512

60a994aeaf793e92e9619dcd0b09ff4368568944d501170a53b262f39eda975c49bf0364347474be525518909d98660b7ca98f912c0641f2d10629903eb90b70
SSDEEP

24576:NrA2Pf0hwSM6gXQNPhwpusJUY42S8rLsF4AJpUnchLqRX:VPMzfgXkPe9R4dsYFVmcJqRX

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df1b09e92be020e864cf527ffa83e950

Files

df1b09e92be020e864cf527ffa83e950
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE