573293a771fb2ded85b7d27f796db6bf45862b88a7c4e6526f8b131030676cb6 | Triage

Sharing

General

Target

573293a771fb2ded85b7d27f796db6bf45862b88a7c4e6526f8b131030676cb6
Size

5.5MB
MD5

51fbd042816fb8f5cad1857e13d4d5ea
SHA1

6e13181bd860a48896935852ff019a1965873813
SHA256

573293a771fb2ded85b7d27f796db6bf45862b88a7c4e6526f8b131030676cb6
SHA512

97a0907b6bf269e85041e6af793973774b46cc5663cc7a02f08b2d78caec757d4dea87c08e6b8ab29386c64ff725eadccb69cd26f2e09a59d5a3c4acd6010fec
SSDEEP

98304:HHwP7+3YEWT9cPqfghfAjtXkS9z3G+InAVO/aXNbb7m/YvxeHUTEK9Dz:HHwP7yOT9cP6OfitXkSN3Pg9ydvCYZ+q

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
573293a771fb2ded85b7d27f796db6bf45862b88a7c4e6526f8b131030676cb6

Files

573293a771fb2ded85b7d27f796db6bf45862b88a7c4e6526f8b131030676cb6
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 2.5MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ