3abc8825f48f380799196dc81a5f575c605f6a807b1b111eeb07a2f36b4f0022 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3abc8825f48f380799196dc81a5f575c605f6a807b1b111eeb07a2f36b4f0022
Size

9.8MB
MD5

5723d370351441ea6be838217b64e3da
SHA1

50e6c6dc610c74d0905c8d757d7de35320d79d36
SHA256

3abc8825f48f380799196dc81a5f575c605f6a807b1b111eeb07a2f36b4f0022
SHA512

6f0141cd50f1521646a9d339b137205c14e6850cba082c55b62d19c537273a50e889e96529a9d6f928fb86835c1e0fda9f1a09ab675a66325bd5100c60888fd9
SSDEEP

196608:HJoRRe965zoqE1uUPEktTdPH1ocqYF7rrCfBf/M0BfTTU5L3xgXOW:HGRRe9OoqvGtVH1ocrXrCfF/M05TOLBo

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3abc8825f48f380799196dc81a5f575c605f6a807b1b111eeb07a2f36b4f0022

Files

3abc8825f48f380799196dc81a5f575c605f6a807b1b111eeb07a2f36b4f0022
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.7MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3.7MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1.6MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ