10495aa49546616b98f4754d0b9e93209a271180ef64be01868e4c1716bd2bdd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

10495aa49546616b98f4754d0b9e93209a271180ef64be01868e4c1716bd2bdd
Size

7.5MB
MD5

c22792ee9dd1e0a1c3c0bd7d55bbbcc5
SHA1

4663e32a9199582d11b193914774bb1c2f762af7
SHA256

10495aa49546616b98f4754d0b9e93209a271180ef64be01868e4c1716bd2bdd
SHA512

deaa9224cb99f05aec42a72601148f12c39dcfda49af293bea37adcaaf198d1dcbc448a348d02e4b2f2e92770a7f1f30e2ac66f6563640aa61f6e01e85ee2e40
SSDEEP

196608:bk8qeT8+qy5j0M73eVHUBdoJbJi+a8C01ht84HB7I+:48hqy9OVHUBChNC01hbc+

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10495aa49546616b98f4754d0b9e93209a271180ef64be01868e4c1716bd2bdd

Files

10495aa49546616b98f4754d0b9e93209a271180ef64be01868e4c1716bd2bdd
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 32KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 88KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ