3f6033fde0d26ffbf8550e18756c87161a13a6539bb409120bdff1f862f45a06 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f6033fde0d26ffbf8550e18756c87161a13a6539bb409120bdff1f862f45a06
Size

3.0MB
MD5

3461cf881a0b42c28492dd5e259a6391
SHA1

5de127dbd5ad7faba7c9889554a95c0537b95d89
SHA256

3f6033fde0d26ffbf8550e18756c87161a13a6539bb409120bdff1f862f45a06
SHA512

d42b7130c80c5a2e67672935dff3df8b456f2b9d23bdf441b04e0ad5f926517e49aa127baaff19a19abd396808eab922cbbd529b100ef5c7854517f8486cb1ae
SSDEEP

49152:GN+kQPHV/3keMu+NvBBL2MQR6SkXGODLgc6xK+KHcxR/Pslj6o3qnwbC3N:Ae1R+dHLiRYWODLOM+TrPslj6Khe3N

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f6033fde0d26ffbf8550e18756c87161a13a6539bb409120bdff1f862f45a06

Files

3f6033fde0d26ffbf8550e18756c87161a13a6539bb409120bdff1f862f45a06
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

Start

Sections

Size: 526KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 66KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 22KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ