4f2f66ec723a7d1fd730d988250b2a3fd052681644f7a05e0910dfaf566d1bb8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4f2f66ec723a7d1fd730d988250b2a3fd052681644f7a05e0910dfaf566d1bb8
Size

12.4MB
MD5

a08cb4b954275883fb836bad16d06780
SHA1

423c18c0def36046b229b7bfb13759a2ed023fd3
SHA256

4f2f66ec723a7d1fd730d988250b2a3fd052681644f7a05e0910dfaf566d1bb8
SHA512

704014379ed64ed0810adb3c2f86ba1077dc57ff008d0b82cbea341c715751af186820aa1d9de5d7b837348c0033be8a1418aeee4a319a9e372629f7728ee641
SSDEEP

393216:Pybp7++r1zrtiAzplpUaQs7/QOinA3PDYQ716f1X:69/r1XtiAPpUaQsiOPDY9X

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f2f66ec723a7d1fd730d988250b2a3fd052681644f7a05e0910dfaf566d1bb8

Files

4f2f66ec723a7d1fd730d988250b2a3fd052681644f7a05e0910dfaf566d1bb8
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 964KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 8.4MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 92KB - Virtual size: 801KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ