a515baaccaa2b33c5ff7016a6e2acacd9cda3faac4079e2188e532f164d7cb5e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a515baaccaa2b33c5ff7016a6e2acacd9cda3faac4079e2188e532f164d7cb5e
Size

2.7MB
MD5

25d790fc942f88aded5f87a7010cd57c
SHA1

444232ae8240000a8a3c10420d669ec7bb765f3e
SHA256

a515baaccaa2b33c5ff7016a6e2acacd9cda3faac4079e2188e532f164d7cb5e
SHA512

7ec760ff894594e5120b40958bf86c29bd3d4867731ec3cd784fb8d37db385d717883b9beb6eabce0e9f31b503338483159b510500f842572fff8dcc334f12ef
SSDEEP

49152:VtzBOauT0i7ZSQcCG1+bLthSo9/ktjPf4EXzwgb+LquT05M:VtzaT00zcC8ahhSo9sRf44z1/5M

Score

10^/10

themida

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a515baaccaa2b33c5ff7016a6e2acacd9cda3faac4079e2188e532f164d7cb5e

Files

a515baaccaa2b33c5ff7016a6e2acacd9cda3faac4079e2188e532f164d7cb5e
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 34KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ