499c246c51a7c8e8fe7e6d70aab568fbb04453c208e354100f9d5052196338ce | Triage

Sharing

Copy URL Twitter E-mail

General

Target

499c246c51a7c8e8fe7e6d70aab568fbb04453c208e354100f9d5052196338ce
Size

2.8MB
MD5

4546caea9dc53b69f35c65cc14b8c30c
SHA1

9e7985d36724f70e5f46398cd630c5ca8472af1b
SHA256

499c246c51a7c8e8fe7e6d70aab568fbb04453c208e354100f9d5052196338ce
SHA512

879918fe7262dd7e1d6ab125270cc01a114ecdc1ee6e483b5ef14b1d7916a48d5b56239b21df33ac208b310072d25cbc198aeda30689d6e6bf63c2536251bc51
SSDEEP

49152:0b7sN18TUH2ruJ8bIwSJfTMU1hCzuS7xh3Hii2DBUMME7+kd/qkps:isN1VH2K5Xx1hC5v3CiO6e7+6/qEs

Score

10^/10

themida

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
499c246c51a7c8e8fe7e6d70aab568fbb04453c208e354100f9d5052196338ce

Files

499c246c51a7c8e8fe7e6d70aab568fbb04453c208e354100f9d5052196338ce
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 512B - Virtual size: 729B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ