6568b26a110446226bd8d1ba2d6649e89bf7b094ca37c13f823295ed2e4ea56b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6568b26a110446226bd8d1ba2d6649e89bf7b094ca37c13f823295ed2e4ea56b
Size

7.5MB
MD5

08d92958bf90cffe6ea215ecf2c5465a
SHA1

41c38c2d8098b6d6de7744cfa851d0fae181e1f6
SHA256

6568b26a110446226bd8d1ba2d6649e89bf7b094ca37c13f823295ed2e4ea56b
SHA512

bf190f84d74c2e8a04fa666545afa4e07b61ee21c2e386f26c5719a6821c0e6aa0fec86600adb139f91114ed4f8405fba9aaa2f972c939db5196e4e1c08675cb
SSDEEP

196608:qBM7SIzekViFqLIMqb7Ie8IUYr/+sp5IK8nRPBCv:6M7SciFqBqHIKrfgRJ+

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6568b26a110446226bd8d1ba2d6649e89bf7b094ca37c13f823295ed2e4ea56b

Files

6568b26a110446226bd8d1ba2d6649e89bf7b094ca37c13f823295ed2e4ea56b
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 102KB - Virtual size: 430KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 11KB - Virtual size: 913KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 337KB - Virtual size: 834KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 75KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 9.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ