082dd397e5941bee9bbafdb3eaf95d2b042e442105178f676fa28edd6ecbfd29 | Triage

Sharing

General

Target

082dd397e5941bee9bbafdb3eaf95d2b042e442105178f676fa28edd6ecbfd29
Size

4.5MB
MD5

f5b8df75e1a03059ad63447c880eb0dd
SHA1

1a83532ceccd3ed9ad7179305ea32e54734dd17a
SHA256

082dd397e5941bee9bbafdb3eaf95d2b042e442105178f676fa28edd6ecbfd29
SHA512

f253d172e7cba0c86234aea0dfcb32a7dfc5540971b6f47c6dd12f9774a67958c8598b08b2790c4d577b1ac5111a9143dd6e9ac3d344b946737d35a778b36b0b
SSDEEP

98304:4HBZetwxMPUUI4lJHIZr5QvV4zthROYob8gmcKDYKiI:AZetwxMPUUI4HHIPQvV4zs8/cyY

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
082dd397e5941bee9bbafdb3eaf95d2b042e442105178f676fa28edd6ecbfd29

Files

082dd397e5941bee9bbafdb3eaf95d2b042e442105178f676fa28edd6ecbfd29
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 100KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ