93aa934a4ebd7f7a4aab51af7c44532fbc8891e28e25edb903a0a4b1b95f1c1f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

93aa934a4ebd7f7a4aab51af7c44532fbc8891e28e25edb903a0a4b1b95f1c1f
Size

4.4MB
MD5

b2e32f863c1165ce325ff2c9d229460b
SHA1

afdcf266e5f8aa2429503198f5f6aa342333e5c5
SHA256

93aa934a4ebd7f7a4aab51af7c44532fbc8891e28e25edb903a0a4b1b95f1c1f
SHA512

b733c0e39b514d76c959d0695aa97dfcf6f2c2dd129ced0393310ca06603829438f97ffb55e829a35880a7a89651ec4ffc11a972cd973bd8c50bb56f175f002d
SSDEEP

98304:gOE4dIOW7HJZ0ChKtaw45mqaGEJcLX9Yr0umb9y7CxB3cRJj:gOEFO4JZ0TX45mqaGEKNA0umb9y7CxBE

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
93aa934a4ebd7f7a4aab51af7c44532fbc8891e28e25edb903a0a4b1b95f1c1f

Files

93aa934a4ebd7f7a4aab51af7c44532fbc8891e28e25edb903a0a4b1b95f1c1f
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 364KB - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1.0MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 32KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ