06ed3454143a0976e9eae42a4127760802d84ed186174ba3b59c4bbfef7576ef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06ed3454143a0976e9eae42a4127760802d84ed186174ba3b59c4bbfef7576ef
Size

9.2MB
MD5

ef85ae1c5ce2ac381dd5df9a1afa6c11
SHA1

8b9706924f7566416a498654287daa013d04c1af
SHA256

06ed3454143a0976e9eae42a4127760802d84ed186174ba3b59c4bbfef7576ef
SHA512

c714f7e16d2260ddf9a00b1575d1bb2a44fb9618b56a0c6d4719559009274340f50a9247c975e1bd7cb3957843e0c3775ab69e16e313467efbc0d1db302b9192
SSDEEP

98304:xDho6Ak9HpDB1kuGzZSY3znyrBBbFUUAstMeNr14RExeoQP7tuphYmDZ/CoTwpEf:JvzFB2HmmU8eNaptQTcem1Br7Bx63H

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06ed3454143a0976e9eae42a4127760802d84ed186174ba3b59c4bbfef7576ef

Files

06ed3454143a0976e9eae42a4127760802d84ed186174ba3b59c4bbfef7576ef
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 3.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 22KB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 300KB - Virtual size: 964KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ