3a3f793b2625c0aff04a0e0f258b7689ae2fec25aedd4e39a2c117ad56b0d08a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a3f793b2625c0aff04a0e0f258b7689ae2fec25aedd4e39a2c117ad56b0d08a
Size

4.3MB
MD5

55bcf8859eca995265bfe0ca684eec0e
SHA1

457f17129681ae791805d5a067fe4c153368c944
SHA256

3a3f793b2625c0aff04a0e0f258b7689ae2fec25aedd4e39a2c117ad56b0d08a
SHA512

ad1f749de39e7559abcf9c7db342cc1891fe2033feb65996a133c4782f68e6a224cbdb3a41a9d9037ca38405beda130379ffb031459e2f10ba61b4f8af93dbdf
SSDEEP

98304:E7pfVbWq3PS7Sq2N+YdznZuWPICZIsk1zZiYJ+XHu:AtY2S7m+sTZuWPICZg1MYJ+XHu

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a3f793b2625c0aff04a0e0f258b7689ae2fec25aedd4e39a2c117ad56b0d08a

Files

3a3f793b2625c0aff04a0e0f258b7689ae2fec25aedd4e39a2c117ad56b0d08a
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.2MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ