a13a91b89834f98065a26b7b6bb98f59c7d2ae476d7dc862a9d11ee1b897f11e | Triage

Sharing

General

Target

a13a91b89834f98065a26b7b6bb98f59c7d2ae476d7dc862a9d11ee1b897f11e
Size

3.5MB
MD5

f79be8a363fa6bd15c4785022cd2ea3a
SHA1

85093d1a42861cfa9ae66617385e5084bfafc003
SHA256

a13a91b89834f98065a26b7b6bb98f59c7d2ae476d7dc862a9d11ee1b897f11e
SHA512

ae6aa1c9d6f5a0dd1b5217d34004c0f5f9a94c1718881452ac46dcfe61b1837420ae19b87e8e7445b7e31aeee553dfa49ae037f7d791ac4d89acd7d3f4093243
SSDEEP

98304:06D0IOJedAuY1itJheeOXJ4i8Ejnb05LOLF:Z1O9cnyA6g5KLF

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a13a91b89834f98065a26b7b6bb98f59c7d2ae476d7dc862a9d11ee1b897f11e

Files

a13a91b89834f98065a26b7b6bb98f59c7d2ae476d7dc862a9d11ee1b897f11e
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 628KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 66KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 28KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ