df305904bd6805b4a80eed83e2fd199d7a3f46ec92265bb524d71dca534f3938 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df305904bd6805b4a80eed83e2fd199d7a3f46ec92265bb524d71dca534f3938
Size

2.7MB
MD5

90190fd715095068aaddb89fcba2f635
SHA1

a86b2c1b60b9aa80800352216c6574e51527a6ee
SHA256

df305904bd6805b4a80eed83e2fd199d7a3f46ec92265bb524d71dca534f3938
SHA512

d7354938a5ef0eb10b6483260e9c96d7340854eb9d42e92388e769c324ae3de1a710f208f824508b424a575355876874fd6a66abb3596130a3152bd711f95b2a
SSDEEP

49152:VOzBOauT0i7ZSQcCG1+bLthSo9/ktjPf4EXzwgb+LquT05t:VOzaT00zcC8ahhSo9sRf44z1/5t

Score

10^/10

themida

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df305904bd6805b4a80eed83e2fd199d7a3f46ec92265bb524d71dca534f3938

Files

df305904bd6805b4a80eed83e2fd199d7a3f46ec92265bb524d71dca534f3938
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 34KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ