9ed38a927ce24a1b1a41a4d7b64706178047fded77b923a12f56346c752ca851 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9ed38a927ce24a1b1a41a4d7b64706178047fded77b923a12f56346c752ca851
Size

4.1MB
MD5

0d2258238f6eef4d56b59b0adf162f01
SHA1

f58b90b353f0262b28f3c812b27ca6228984166a
SHA256

9ed38a927ce24a1b1a41a4d7b64706178047fded77b923a12f56346c752ca851
SHA512

6a9f6b0713f67f0887223212538972e42080162ef2d2a9b310cd236522934286cdda28f3e992b17008707957ee40627f71bca8d9f99f61376b2d9896213f3c61
SSDEEP

98304:Y+owRV+OrAH6eiAHeytJXNvc4rshY7a56dpqH8nOc:JowRFV9A+ytJZfa56CH8nOc

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ed38a927ce24a1b1a41a4d7b64706178047fded77b923a12f56346c752ca851

Files

9ed38a927ce24a1b1a41a4d7b64706178047fded77b923a12f56346c752ca851
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 404KB - Virtual size: 837KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 143KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 29KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 13KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ