c444b54f0e39cfa3d97340742624eaf4ae1bc8735758124c3dbeedcd704915ee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c444b54f0e39cfa3d97340742624eaf4ae1bc8735758124c3dbeedcd704915ee
Size

5.7MB
MD5

fb3509142134fdde8dd7f1824a713b56
SHA1

16cab7d17483ebf0f815e114b77827fc12b01fed
SHA256

c444b54f0e39cfa3d97340742624eaf4ae1bc8735758124c3dbeedcd704915ee
SHA512

27f3c459243064c297af789f49145c6674d35606da48fc35ce5a53e81d40a3c08ab77d59b5efca68f29c1b3360477673bd87556b22b68a3337e87f456317a436
SSDEEP

98304:5QeNVktMLAEXWxB3Ec8xbhBVHO7OzOL3dYr:5Qew6L3WN8xbhHHORq

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c444b54f0e39cfa3d97340742624eaf4ae1bc8735758124c3dbeedcd704915ee

Files

c444b54f0e39cfa3d97340742624eaf4ae1bc8735758124c3dbeedcd704915ee
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.3MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

VProtect
Size: 616KB - Virtual size: 616KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

VProtect
Size: 756KB - Virtual size: 760KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

VProtect
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ