92105da09cc48e4f81bdfe124904bef025ee94c8ed8809353b1f19193a8badf3 | Triage

Sharing

General

Target

92105da09cc48e4f81bdfe124904bef025ee94c8ed8809353b1f19193a8badf3
Size

7.3MB
MD5

a5891df2ec1f8f0335bc744b24b4d646
SHA1

d8aced6d7fd09deb2580990cecd2594c17d75c4d
SHA256

92105da09cc48e4f81bdfe124904bef025ee94c8ed8809353b1f19193a8badf3
SHA512

eae0d11b4e25ab03a194c9fd0a844559b66e9f34809a34509a61f86b8a02d48193b74b937fdf2857ad473598fb3ec888d8dbf126637750bca46d0e3c7640ffa3
SSDEEP

98304:6iqnIOSIVtC+icuty84gK7NcnJygMABQYCFsq1kkkkkkkkkkkkkkkkkkxkkkkkkb:8IpIjut1Bc+naA6YCFVy2A026

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
92105da09cc48e4f81bdfe124904bef025ee94c8ed8809353b1f19193a8badf3

Files

92105da09cc48e4f81bdfe124904bef025ee94c8ed8809353b1f19193a8badf3
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 2.3MB - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 725KB - Virtual size: 725KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE