02061e0a6d7718649922903cfd32e2a7a94b09f5245458e34bf1e0c62f294beb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02061e0a6d7718649922903cfd32e2a7a94b09f5245458e34bf1e0c62f294beb
Size

1.7MB
MD5

1b5a815bea9a2217362aaf8aaf5ba495
SHA1

3e6c9fc14e70f9b865fbaeb973601e25f0cb427b
SHA256

02061e0a6d7718649922903cfd32e2a7a94b09f5245458e34bf1e0c62f294beb
SHA512

7c4f1a9fe3e0dc2ee061d1317202d983038eeb5a87c43791935e9338f628a5b4cf29b87c6b13a32176a96bda3b25e81f12de49a34f7542dbf3cc94249348811b
SSDEEP

24576:TUK1ZuyG8RnAQJlWsZFFE8IBylo7GYpM40Stuy96ciEt/XxkfjrJKa0PwwyQNQPk:T11hWsPFLyK40StV4rEXsjrOPwwa2+dO

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02061e0a6d7718649922903cfd32e2a7a94b09f5245458e34bf1e0c62f294beb

Files

02061e0a6d7718649922903cfd32e2a7a94b09f5245458e34bf1e0c62f294beb
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 139KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 21KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ