24c40b1d9aa3072dc12c28d7c94062c511f091053b0034c7a2a6117be5fa1960 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

24c40b1d9aa3072dc12c28d7c94062c511f091053b0034c7a2a6117be5fa1960
Size

2.6MB
MD5

def7d4d0da7926f6f68a83083bc9e8ac
SHA1

9951e3193aa96226e0df9b37cd0be7967cf8e158
SHA256

24c40b1d9aa3072dc12c28d7c94062c511f091053b0034c7a2a6117be5fa1960
SHA512

537249073cf816c97fb3cb0a255431b9690bbc20ccd204516d586552777266afe74f453c5076600b548d4988a8493b41ca674c2e50680c0f0c9bce0701efe1df
SSDEEP

49152:+XzhpDtKSK1cb8PGK+Tfuqmpc3elWo8GnQAsYZEVd:+XzhW148Pd+Tf1mpcOldJQ3/Vd

Score

10^/10

themida

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24c40b1d9aa3072dc12c28d7c94062c511f091053b0034c7a2a6117be5fa1960

Files

24c40b1d9aa3072dc12c28d7c94062c511f091053b0034c7a2a6117be5fa1960
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 34KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ