3c1ca76c4a4b89a32eba0c1dd52b1aeaca05d1e93bd88582b19ea6a8d4ed27c9 | Triage

Sharing

General

Target

3c1ca76c4a4b89a32eba0c1dd52b1aeaca05d1e93bd88582b19ea6a8d4ed27c9
Size

5.9MB
MD5

c73623e06d324b79cfd1def5aa692607
SHA1

5f4870348523cdb433fb7fa18002cd7f4b7cee32
SHA256

3c1ca76c4a4b89a32eba0c1dd52b1aeaca05d1e93bd88582b19ea6a8d4ed27c9
SHA512

d869b5355e466010b927f33a991921979804ba3a734dec4e1d63d62b8a6404fe2ff028ef718de25a78466b957f89f4e9b1302a2ccc08eb1f6a692a00cfcff78a
SSDEEP

98304:XOS8BK+0dVS+ljIjspiZYGaGdAYFMH2Sm/tYeX4v0udgk85aZMogC6w9:XOXB0dVS+lwGgxdAYFMH2ZoPo5a

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c1ca76c4a4b89a32eba0c1dd52b1aeaca05d1e93bd88582b19ea6a8d4ed27c9

Files

3c1ca76c4a4b89a32eba0c1dd52b1aeaca05d1e93bd88582b19ea6a8d4ed27c9
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 272KB - Virtual size: 494KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 24KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ