Behavioral task
behavioral1
Sample
0d4807065d8ba972a7b23f8e8a40087e55aab0a63fb798e7a8324834e9885766.exe
Resource
win7-20240704-en
General
Target
0d4807065d8ba972a7b23f8e8a40087e55aab0a63fb798e7a8324834e9885766
Size
8.2MB
MD5
b21090384a18dde4401765059c3c4b2d
SHA1
6bdc900a3ac49087d51d505955478c99b0f92b49
SHA256
0d4807065d8ba972a7b23f8e8a40087e55aab0a63fb798e7a8324834e9885766
SHA512
5dc81fdc0ab1e3b30225e4de54e7ebb3c61352b94c408517105e35d1206ea2c95bddb903e03c90f7f4dd921fcd961e69a64ca4d6d481b70228b86f01639fcbbb
SSDEEP
196608:x1sGdY4Y76lIJq3RMtJr/b9h0QB3ZroXnd7ndF2vJd1gekUVc:xB+6lI5tJr/b9h0431Ud7nShUeka
Malware Config
Signatures
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0d4807065d8ba972a7b23f8e8a40087e55aab0a63fb798e7a8324834e9885766
Files
0d4807065d8ba972a7b23f8e8a40087e55aab0a63fb798e7a8324834e9885766.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 4.5MB - Virtual size: 12.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 444KB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 28KB - Virtual size: 4.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 52KB - Virtual size: 448KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 424KB - Virtual size: 424KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 4.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ