dae92ad2bf5d3ba3bc84c7a0941f513248cbd94f2fd4d18687f2cfa10c5ae13c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dae92ad2bf5d3ba3bc84c7a0941f513248cbd94f2fd4d18687f2cfa10c5ae13c
Size

4.0MB
MD5

fb480f3e92e5529c55c0ab122c772b70
SHA1

349c88638596f7bca649a39ddf4234f31bf2f10a
SHA256

dae92ad2bf5d3ba3bc84c7a0941f513248cbd94f2fd4d18687f2cfa10c5ae13c
SHA512

cf6d543722e3b632bff71a19646cf69e575cc018c02350ad4ba964df7ec74933750f0ea3843043a2d9c02ea35ee4a6800d887bb8d648a35a62b695e98773176d
SSDEEP

98304:/TqjOSQMV5StZu0vcYb9g+X5pFniTg4Tl3McvF58bRU1ZYY7ngzBFW:/KrAZu0vcoJtiTfTl8cIiLYY7gdFW

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dae92ad2bf5d3ba3bc84c7a0941f513248cbd94f2fd4d18687f2cfa10c5ae13c

Files

dae92ad2bf5d3ba3bc84c7a0941f513248cbd94f2fd4d18687f2cfa10c5ae13c
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 568KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 259KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 13KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 31KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 39KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ