dda9a90e4983b3568483858bcf42c1f72be5b019dae3e66620a892db4efe519c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dda9a90e4983b3568483858bcf42c1f72be5b019dae3e66620a892db4efe519c
Size

3.4MB
MD5

430cd1688e60f4dbf72d4cef77190df9
SHA1

9feb60790f037de5376dcc5d21fa928324b0adae
SHA256

dda9a90e4983b3568483858bcf42c1f72be5b019dae3e66620a892db4efe519c
SHA512

6a874a947a3a47a345cad91ec7cb7e5a426007dcf9722e3a7b216d9110f6f46485c1f35f26ba939bafc34991a4016d72ec79c3a905114dd9e92ad9f00a26ce09
SSDEEP

98304:t+JEbbbQP2WNlUTMzA4hY8zxH4c5OxTt2SD54kuVttXa:t+JEzQhNlxF68zxH4c5OxR1GkuVva

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dda9a90e4983b3568483858bcf42c1f72be5b019dae3e66620a892db4efe519c

Files

dda9a90e4983b3568483858bcf42c1f72be5b019dae3e66620a892db4efe519c
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 286KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ