4b94bb2923023d234551b4787fc10f5f1c1256f2cdb27d27269f36a9ddb18c40 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b94bb2923023d234551b4787fc10f5f1c1256f2cdb27d27269f36a9ddb18c40
Size

4.0MB
MD5

b7bf0dc696bf24030f764ea881c7145a
SHA1

9e28db09798ae510ac6e00f54d136a19b1008fdc
SHA256

4b94bb2923023d234551b4787fc10f5f1c1256f2cdb27d27269f36a9ddb18c40
SHA512

e6b89cd4952ff69c442615012867c1c31b1375d6340ef2d963990afd58cc7a6a3cb2cfcca22a0205a0951155fba2aec70235a6c91afea43222f66ca2e77ea465
SSDEEP

98304:HtQWy6eXEInWtwAxMsbcaZPHxUSPybnPwzCkE0:HtQWJo3WtwAOsJUS5zCh0

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b94bb2923023d234551b4787fc10f5f1c1256f2cdb27d27269f36a9ddb18c40

Files

4b94bb2923023d234551b4787fc10f5f1c1256f2cdb27d27269f36a9ddb18c40
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 356KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 40KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 800KB - Virtual size: 876KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE