9cec62fb802376768ad3fc73ef78aa6f2d34ec683696e597536ebe2b5fcb798d | Triage

Sharing

General

Target

9cec62fb802376768ad3fc73ef78aa6f2d34ec683696e597536ebe2b5fcb798d
Size

6.3MB
MD5

1306e81bc13677c04abe69a1d2ca4e12
SHA1

71e0de1475bbdfd9d244613d733ef33cf531e89c
SHA256

9cec62fb802376768ad3fc73ef78aa6f2d34ec683696e597536ebe2b5fcb798d
SHA512

413f356c8f556e720b0677d88e1d4328a21983e6ffc0f1c49ac19bde9df5e787409e2d7520e557ee7eeee39377140bc2a756aa2eb959c7b397ac3a7b124f86f2
SSDEEP

98304:vMlj6Zrx1GIpunUNmw6M47l6xhi91sq0Na3PNSw+i35dbX7MztyszU:EluZrf6nUeNlv91sFA3lEk5dbX7Mz8V

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9cec62fb802376768ad3fc73ef78aa6f2d34ec683696e597536ebe2b5fcb798d

Files

9cec62fb802376768ad3fc73ef78aa6f2d34ec683696e597536ebe2b5fcb798d
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 2.2MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE