d43df58a2a5f5c0553a3a80375f9388cb06b365018fc1da21d50bf777efd3a77 | Triage

Sharing

General

Target

d43df58a2a5f5c0553a3a80375f9388cb06b365018fc1da21d50bf777efd3a77
Size

6.1MB
MD5

ef25d40267a23924210989a31b6fe6ab
SHA1

8642da158dee5ff584c462c51b11b47401dcfea6
SHA256

d43df58a2a5f5c0553a3a80375f9388cb06b365018fc1da21d50bf777efd3a77
SHA512

3df37b6b3da77e5efd4f17bc4a3b2769009b943612187ae21552d671f4e4a23a43a7fc468cade4e7aa4a9f08b08a4cbb46d15a535935102578210bc9e5bbcfe1
SSDEEP

98304:hgEryB3dLCnvXgjvC8giqW/qGXbWg555yo3uZuuLnWfOPEI1:WSsNLCnvgjvrgiFqChN3uZuuLnWfO8I1

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
d43df58a2a5f5c0553a3a80375f9388cb06b365018fc1da21d50bf777efd3a77

Files

d43df58a2a5f5c0553a3a80375f9388cb06b365018fc1da21d50bf777efd3a77
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 2.0MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE