1f37182a77e725293fc1162b804e2296a8929075c62d6088eff434e714dcf82d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1f37182a77e725293fc1162b804e2296a8929075c62d6088eff434e714dcf82d
Size

4.4MB
MD5

27e7b8393d79eaacd3ff85beb58bddbe
SHA1

bcdcb9b4d910c6ebb8b8a4672c57edef4c9c213d
SHA256

1f37182a77e725293fc1162b804e2296a8929075c62d6088eff434e714dcf82d
SHA512

231cee3d52e6dd0ab1a44bf31d58b31a95b05a5be0c05ebc005d5433abdbb0a9804560cbc660aa5f2f1f81b2c9ec814ca8196cb570a13e25e7956f0c3fafa2e5
SSDEEP

98304:rT+6qiFa6y/uPgdfJrA4NZcvmwacYkYT7WMfn5iIOAUJyEKZ:XpoP/uEW4+mwavkYmM/nOAh

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f37182a77e725293fc1162b804e2296a8929075c62d6088eff434e714dcf82d

Files

1f37182a77e725293fc1162b804e2296a8929075c62d6088eff434e714dcf82d
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.2MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ