03956b4bce45bb1888d5c9a497d872ef3769ef2293f809da49e1eff13f4eba3c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03956b4bce45bb1888d5c9a497d872ef3769ef2293f809da49e1eff13f4eba3c
Size

14.1MB
MD5

f12fa3f6b22960d474ae19fd4fa60e46
SHA1

cd83ae2c8dbbaa6ac70e431596c0b95835baafe7
SHA256

03956b4bce45bb1888d5c9a497d872ef3769ef2293f809da49e1eff13f4eba3c
SHA512

d44a0a0d6e81d9928520e656f084a4d24018ac36f6c21990884f26d96da675597bd9f102e59320aa6221939c2e72eddbee8db3a03655d1d2d73e19897a4cd4eb
SSDEEP

393216:lrWGw4iAiKW9BivgcjQ/MWJHmp4lj92uFW:lyPecBumLHWSD8

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03956b4bce45bb1888d5c9a497d872ef3769ef2293f809da49e1eff13f4eba3c

Files

03956b4bce45bb1888d5c9a497d872ef3769ef2293f809da49e1eff13f4eba3c
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 780KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 7.0MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 44KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ