7c4dfb3197dcb6a4f2910e53167f4341410aa6320e929c2f5fcf8bcda4ba0247 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7c4dfb3197dcb6a4f2910e53167f4341410aa6320e929c2f5fcf8bcda4ba0247
Size

13.5MB
MD5

0a9e27f2a82c7467ebaa3448a1c858cd
SHA1

bc50ba80e86498940bd5e7f71b16ed2ef7cbfadc
SHA256

7c4dfb3197dcb6a4f2910e53167f4341410aa6320e929c2f5fcf8bcda4ba0247
SHA512

7ee49645194b739bc1304a725dcdfbe13f2c3862de79290ee3c5db1bb14e3b7463e34f669494a5b7ab7a37db5beaa76fa4ecb3d9584f5fbadbf399c5fe0f198d
SSDEEP

393216:eM10Kc0Ual0LnCYJNUVpjIYMHM6rBIvNfGbTGM:eg05l+0LzWjItHA9M

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7c4dfb3197dcb6a4f2910e53167f4341410aa6320e929c2f5fcf8bcda4ba0247

Files

7c4dfb3197dcb6a4f2910e53167f4341410aa6320e929c2f5fcf8bcda4ba0247
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 516KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 10.4MB - Virtual size: 12.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 32KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ