35c8b0b91dbdad7fc19353e1c6f5120f2fa26b8b631e1b3663f1015187c77de0 | Triage

Sharing

General

Target

35c8b0b91dbdad7fc19353e1c6f5120f2fa26b8b631e1b3663f1015187c77de0
Size

1.7MB
MD5

662ce987418c28001ed424880bf6df50
SHA1

959a88a6b0fbfc40db0ad97de3c17e67ef84e1dc
SHA256

35c8b0b91dbdad7fc19353e1c6f5120f2fa26b8b631e1b3663f1015187c77de0
SHA512

9b0696aa124290bf966661097b59e21d51975b16357a1c76a9850b4aee441abaca0c2c736add77fc6b13f27db742c291d80227fda0cc08c33d7378d167150f8f
SSDEEP

49152:bxR+7Mb79Hinon+7rQLG1AoL/tIugKJvoW:byMbconWekztMW

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
35c8b0b91dbdad7fc19353e1c6f5120f2fa26b8b631e1b3663f1015187c77de0

Files

35c8b0b91dbdad7fc19353e1c6f5120f2fa26b8b631e1b3663f1015187c77de0
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 139KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 21KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ