3386e752d18bc5b4445695d61a6d856b64e5d06c8ff22286b43564451405b047 | Triage

Sharing

General

Target

3386e752d18bc5b4445695d61a6d856b64e5d06c8ff22286b43564451405b047
Size

4.6MB
MD5

2b97d7be665711071e7246a30b4eac76
SHA1

54816044ae6590e13bd1425171b4ffb330ca06d1
SHA256

3386e752d18bc5b4445695d61a6d856b64e5d06c8ff22286b43564451405b047
SHA512

270cc8e703344deb9b5e05e01cdb8ed8a52faa123b6723f65bb25c9672b8180bd076f79eeee49d6c4fc290f52a4daf8dc5a80102fba190ddc59bfbf948dea911
SSDEEP

98304:+LXYbk0xC/rZGoaDFwPYY9LBf6lqFu/EON85OlaO:+LXMEmWPYY+loucUH

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3386e752d18bc5b4445695d61a6d856b64e5d06c8ff22286b43564451405b047

Files

3386e752d18bc5b4445695d61a6d856b64e5d06c8ff22286b43564451405b047
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 628KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 66KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 28KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ