e1af5fed9e816a4f21c4f25e8d1388d8e8deac07c9cacd2889b749f2ec28a396 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1af5fed9e816a4f21c4f25e8d1388d8e8deac07c9cacd2889b749f2ec28a396
Size

2.3MB
MD5

768351e7fb4e73a68d6128a4ab7ccc4e
SHA1

b2e42ae8d8f154800c6ade37ad6ce4e903da79de
SHA256

e1af5fed9e816a4f21c4f25e8d1388d8e8deac07c9cacd2889b749f2ec28a396
SHA512

76f96b1e6d962937822c05814c77ac8903ac612db07d8daa7ddb2fb7443e6151afc880daf5a8a3e42b4f3e8dc081f391cab3e8098fb4af8ac31ef81a66d20941
SSDEEP

49152:slSjQK5x3FmKk/94sCxLAhikFWmZTBV3YfSwuKw/n7mZ8cT308LMbVyzx:E0FmKZzzkQ0Tz3uS5JSZ/TkSeV8x

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1af5fed9e816a4f21c4f25e8d1388d8e8deac07c9cacd2889b749f2ec28a396

Files

e1af5fed9e816a4f21c4f25e8d1388d8e8deac07c9cacd2889b749f2ec28a396
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 99KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 34KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ