32f946e2a1dc21e43c291d03734faed420c627186882c17dec1002a91ee0113d[.]zip

General

Target

32f946e2a1dc21e43c291d03734faed420c627186882c17dec1002a91ee0113d.zip
Size

6.8MB
MD5

427412cd7fed57c89f27f24e2bc7b7c0
SHA1

e8450b1228eca8f171b018dd3bd425d7f47c2739
SHA256

4eba78e198e9985de0d1ef2acda46f33ac0b96ebf2f4d523e63bc0d6b2d2ec53
SHA512

f6061d35f7d1cf35cbcc741e057087882d3507a29812ac3938ab4275d070fc6e753eebdb2cf633345ceadd94e48b9f23a25c0e4d50609c47d51a9879b7276abf
SSDEEP

98304:wf8z4hHqZjT5tzVkhEbLN/0ZqFgi59vK475s3nqDdFtsPF47VsD0XGCSwjx2gSgo:w/h2vVk+bLWZOf8IY8sq7aiGCzmghm

Score

7^/10

themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/32f946e2a1dc21e43c291d03734faed420c627186882c17dec1002a91ee0113d	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/32f946e2a1dc21e43c291d03734faed420c627186882c17dec1002a91ee0113d

32f946e2a1dc21e43c291d03734faed420c627186882c17dec1002a91ee0113d.zip
.zip

Password: infected
32f946e2a1dc21e43c291d03734faed420c627186882c17dec1002a91ee0113d
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ