0d11b893e792e22aff2ac841507d7d9016c083f0713dd01fdda622e60a3dec21 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d11b893e792e22aff2ac841507d7d9016c083f0713dd01fdda622e60a3dec21
Size

4.1MB
MD5

ce73f9a71803b59be89fd73dfadf282b
SHA1

6bef30bbd429c0a5c37fde00880d138c706c853c
SHA256

0d11b893e792e22aff2ac841507d7d9016c083f0713dd01fdda622e60a3dec21
SHA512

23a35a6dba26066c4ffb6a90054759e3a5e86d64bfa0c28f29bee7648aac6d5008f4fc0c0fecb811314abf02ff8ea7d9af3631bfbfb7346354ddb702bcc1deba
SSDEEP

98304:W11YVFM4Bp4wX3faoNSv2ydC17+9VhV4i7YA:cYM4/ydCQ9V77YA

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d11b893e792e22aff2ac841507d7d9016c083f0713dd01fdda622e60a3dec21

Files

0d11b893e792e22aff2ac841507d7d9016c083f0713dd01fdda622e60a3dec21
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 412KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 16B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ