228e31796f2d5b59033b089d3b54d2f1e2e1a7fc8e8e8a9225904455f077e6b6

Sharing

Copy URL Twitter E-mail

General

Target

228e31796f2d5b59033b089d3b54d2f1e2e1a7fc8e8e8a9225904455f077e6b6
Size

6.9MB
MD5

5d39c8c9ab9755889157b35d7b731ef9
SHA1

608afb7a8baff72f1257f83b29d4381b614b40a2
SHA256

228e31796f2d5b59033b089d3b54d2f1e2e1a7fc8e8e8a9225904455f077e6b6
SHA512

6e5e70b568e4c5b18c3eb64312cfcc6ec6c3cb75dac043a55e826b75b7008cdf58d4e607a232c9f8cbca76ea29a6e9e75064d8bd4a3c42eb9e2f55d9fcddb119
SSDEEP

196608:M68wLELPbsdAje/mdsutaSwJglJdToqL3Y9o/s8yEfT:v8wd5csutajgY9ok0fT

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
228e31796f2d5b59033b089d3b54d2f1e2e1a7fc8e8e8a9225904455f077e6b6

Files

228e31796f2d5b59033b089d3b54d2f1e2e1a7fc8e8e8a9225904455f077e6b6
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 2.3MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 530KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 11KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 129KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 2.3MB - Virtual size: 5.7MB

Size: 530KB - Virtual size: 1.3MB

Size: 11KB - Virtual size: 104KB

Size: 129KB - Virtual size: 209KB

Size: 1024B - Virtual size: 2KB

Size: 512B - Virtual size: 264B

Size: 512B - Virtual size: 480B

Size: 5KB - Virtual size: 15KB

.idata Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 6.4MB

.boot Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 6.4MB

.boot
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 16B - Virtual size: 4KB