c83f52795f03eb9cbbfaab42340febd96e3d5771734abd89eeac3fdd44a2c2e4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c83f52795f03eb9cbbfaab42340febd96e3d5771734abd89eeac3fdd44a2c2e4
Size

13.4MB
MD5

6103691f69e6f6c30fef60a090925f52
SHA1

e6fb7ddca4d14db6531fedcad138d6e3711bf485
SHA256

c83f52795f03eb9cbbfaab42340febd96e3d5771734abd89eeac3fdd44a2c2e4
SHA512

566e1f0e23ebc465e7a29b53b98bf81bf0c958fd0038a39d522134baf05a7366884205ed0aad0282b912a4b3ca042bed1fba232e1bb7ad8ea4b5d973b689cb88
SSDEEP

196608:PZZufQR45DmVXWYk5pnww4dZph3wzOJ22P4HjHpJP1YsrIQi8g8P2mOinDwyHB74:PoImDmRWYkk6WPgfP1PIQi8Kww3T05W

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c83f52795f03eb9cbbfaab42340febd96e3d5771734abd89eeac3fdd44a2c2e4

Files

c83f52795f03eb9cbbfaab42340febd96e3d5771734abd89eeac3fdd44a2c2e4
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 552KB - Virtual size: 929KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 32KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ