506c0a9dbee1cb1224ea204cd894bc37bf0dbc7b3b8422a77531068ee3e42926

Sharing

Copy URL Twitter E-mail

General

Target

506c0a9dbee1cb1224ea204cd894bc37bf0dbc7b3b8422a77531068ee3e42926
Size

5.7MB
MD5

c11d73193ce32fd773eba749c5ea3e61
SHA1

37d82c6d065a6ca3426447224480cc6de8391ab5
SHA256

506c0a9dbee1cb1224ea204cd894bc37bf0dbc7b3b8422a77531068ee3e42926
SHA512

abbeb8fa79b7428e7ac49a138052fe3feed445365aab2c3821b97589a9f8f624d111b77af8d1b2a94c906d4e73f5070c8b50de7f1c483aeea57f54716b0c193f
SSDEEP

98304:S888p3a/xqvw1iQtcDduRxnM6ROgizVxQnJtWyUGvFi6TwwaPIz5:Sy0h1iQtcDwxAgYVxQnJtWFGvxJgA

Score

10^/10

themida

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
506c0a9dbee1cb1224ea204cd894bc37bf0dbc7b3b8422a77531068ee3e42926

Files

506c0a9dbee1cb1224ea204cd894bc37bf0dbc7b3b8422a77531068ee3e42926
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 347KB - Virtual size: 756KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 121KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 21KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 347KB - Virtual size: 756KB

Size: 121KB - Virtual size: 296KB

Size: 21KB - Virtual size: 50KB

Size: 16KB - Virtual size: 27KB

Size: 512B - Virtual size: 488B

Size: 1KB - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 8.2MB

.boot Size: 5.2MB - Virtual size: 5.2MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 8.2MB

.boot
Size: 5.2MB - Virtual size: 5.2MB

.reloc
Size: 16B - Virtual size: 4KB