b1bd9d8e080572b906c737e7f25280c085df03e70a436d04455ff91b1b4004ba | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1bd9d8e080572b906c737e7f25280c085df03e70a436d04455ff91b1b4004ba
Size

2.5MB
MD5

14883b3fa9fd903553c91f0edaf18978
SHA1

3db5d76d0ad8417b82269ac272b82077a0aafd1b
SHA256

b1bd9d8e080572b906c737e7f25280c085df03e70a436d04455ff91b1b4004ba
SHA512

08f77e3be144df3f31bb7807d46a4b2ef9af310e0a55a0a9ec5eee36da9fe69181c6757579da77fd2a2fa4c0446f050ca9dbca6a773fa3b4f98bb7dcb2588531
SSDEEP

49152:3yjV4sUdi9qX/ZPsJa/Qbwqd+ef9DurIA8urMN0d4ujH:LZ6GZPYBD+cjuIa1jH

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1bd9d8e080572b906c737e7f25280c085df03e70a436d04455ff91b1b4004ba

Files

b1bd9d8e080572b906c737e7f25280c085df03e70a436d04455ff91b1b4004ba
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 508KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 64KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 908KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 793B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 36KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.loadcon
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.boot
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ