57b413b133af90b7985933d115cc6dd4e0a845d03bd36354d72eaeac711a5984 | Triage

Sharing

General

Target

57b413b133af90b7985933d115cc6dd4e0a845d03bd36354d72eaeac711a5984
Size

12.2MB
MD5

5e0bd1b48d5e9543e129dbe072c10ab3
SHA1

f733e4b012c81f082959c9f240298d3286c583b1
SHA256

57b413b133af90b7985933d115cc6dd4e0a845d03bd36354d72eaeac711a5984
SHA512

6b7fb9a88bfb0a48a68cbd6d3ff8180f7be637ebc0da30840d39c5cfc9eb086350c8546128b983265289e39464e0ca109795179cf6c63ff9acef72841a618095
SSDEEP

393216:3xJqA8Zr+FaMwdgA97sDr8VPM13Gdo5r:398ZKJigAnMJGd

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57b413b133af90b7985933d115cc6dd4e0a845d03bd36354d72eaeac711a5984

Files

57b413b133af90b7985933d115cc6dd4e0a845d03bd36354d72eaeac711a5984
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 242KB - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 20.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 11.9MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ