4c93bab7e2fd153c6803e1260a608534eed533211262701b0f5fc694b971cc0d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c93bab7e2fd153c6803e1260a608534eed533211262701b0f5fc694b971cc0d
Size

14.2MB
MD5

c8415bbde3abea851392c3fa7df18aa9
SHA1

a282bafed6fd73e7babf9370c7ac8647cda8b984
SHA256

4c93bab7e2fd153c6803e1260a608534eed533211262701b0f5fc694b971cc0d
SHA512

ed1a6da0fcced1c161284b4dc9d5e89068d9281c20c0f619e143829568755d8ff903f18f3adf7ca80415baec2705fbf5c31a26c95fc50b16a39d53406ec54a13
SSDEEP

393216:hz1Uu474Yjv2rzhpZDfXnr0Bl6pCAsLGzWlfU:B6Zjv4Z3rsl6qr

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c93bab7e2fd153c6803e1260a608534eed533211262701b0f5fc694b971cc0d

Files

4c93bab7e2fd153c6803e1260a608534eed533211262701b0f5fc694b971cc0d
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 784KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 7.0MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 44KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ