6738140ec7825ad171e796ea2b469da368da5a9311ba196067ebed34ffb83083 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6738140ec7825ad171e796ea2b469da368da5a9311ba196067ebed34ffb83083
Size

3.7MB
MD5

6df7f3656ceda6dba34f963702829994
SHA1

4a762998a5d1cc9bf844b7978158a10a89b3a98d
SHA256

6738140ec7825ad171e796ea2b469da368da5a9311ba196067ebed34ffb83083
SHA512

94fd3526a511805b697f91d43e4b6a8315a9bd0bff2e16b2cd3e20262dc7423b87f5e10e47dc9680c5a42896a34a3f8debde9b0b17e13dca1b849f595151a614
SSDEEP

98304:yp+4JAwCHbVbA3v2QfrQ8Xe2ATJgaD/EN:ywCtE+v2QkGYJH8

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6738140ec7825ad171e796ea2b469da368da5a9311ba196067ebed34ffb83083

Files

6738140ec7825ad171e796ea2b469da368da5a9311ba196067ebed34ffb83083
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 360KB - Virtual size: 697KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 596KB - Virtual size: 672KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 172KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ