8fa39294fdb557ded34fd2364b49a75dd1195983c4b2e1dfc8343e696d8e9302 | Triage

Sharing

General

Target

8fa39294fdb557ded34fd2364b49a75dd1195983c4b2e1dfc8343e696d8e9302
Size

3.3MB
MD5

f7cfdb674df05992c5c7de2779c455d9
SHA1

ee537d50e9c6d72983311d717428f761adb79072
SHA256

8fa39294fdb557ded34fd2364b49a75dd1195983c4b2e1dfc8343e696d8e9302
SHA512

3d6fa1152d1efe44f62ba41cd8a7bf7c492498ef4c60460df427defb5b1efa537a816a4497d76e4fb2348089fbf889c172af0d177a35403d4be578663ea878ce
SSDEEP

98304:W1GO/iat+Z5EUvQA/L4QzGJX+TnSEwTbeSMqfI:W8OKatQEYQ8jqXWnyTvfI

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8fa39294fdb557ded34fd2364b49a75dd1195983c4b2e1dfc8343e696d8e9302

Files

8fa39294fdb557ded34fd2364b49a75dd1195983c4b2e1dfc8343e696d8e9302
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 632B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ