cfad4d07998be3b659ec51e6d841e7041a30c6a0ebb9e7fe0bb907badc6f50e3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cfad4d07998be3b659ec51e6d841e7041a30c6a0ebb9e7fe0bb907badc6f50e3
Size

2.8MB
MD5

60d5b2e8ba886608fc23a5103427a809
SHA1

e1044043a367f66c7e2239f1e0f78ca99ad4d414
SHA256

cfad4d07998be3b659ec51e6d841e7041a30c6a0ebb9e7fe0bb907badc6f50e3
SHA512

b654fc1d2813bb500f312b349f70da5be5ca70c7f5191066690713b8b410f79a3c5f1ebafe07463cb36623d5baad8865a120abfb9334fff64a0e4aa00a42f447
SSDEEP

49152:8MnJPEDpVpA5p4lX3FBhkG5ePN5V22QM5PLXgcXvxdKLG6vGk8RqE:7VEDK52lX3FoxV7hjQ+xQq6ORX

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfad4d07998be3b659ec51e6d841e7041a30c6a0ebb9e7fe0bb907badc6f50e3

Files

cfad4d07998be3b659ec51e6d841e7041a30c6a0ebb9e7fe0bb907badc6f50e3
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 353KB - Virtual size: 751KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 26KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 27KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 28KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ