1bc425f4f4dc08d0284da9f0c03364a0d87b465e6adfcfbd4c1b3cd9e126348d | Triage

Sharing

General

Target

1bc425f4f4dc08d0284da9f0c03364a0d87b465e6adfcfbd4c1b3cd9e126348d
Size

15.1MB
MD5

5a9b1108876c26ad6d33a03d9e125cc9
SHA1

d3fe9893fd4d8689d1b2f0912c94f92ccdec0090
SHA256

1bc425f4f4dc08d0284da9f0c03364a0d87b465e6adfcfbd4c1b3cd9e126348d
SHA512

ff82a6f9e4796008f15857fdc8b76e56aff7e4dc0f7f9b87defe6297ae1cc62db3b16a65e7b93dd8e43cf61d4e7b4f7642788e878262d8fa6f5c96ad55174d08
SSDEEP

393216:qVswOBQKTwNi9xNguzbQYe6AFtN0KuBDF:m0BbQ2NguzwbA/

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1bc425f4f4dc08d0284da9f0c03364a0d87b465e6adfcfbd4c1b3cd9e126348d

Files

1bc425f4f4dc08d0284da9f0c03364a0d87b465e6adfcfbd4c1b3cd9e126348d
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 444KB - Virtual size: 1022KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 8.6MB - Virtual size: 12.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 46KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ