1783713f0093c0b6ba6112cc6bdae8cd2a91daa19c651efe7e4e4ac2b3fbad25 | Triage

Sharing

General

Target

1783713f0093c0b6ba6112cc6bdae8cd2a91daa19c651efe7e4e4ac2b3fbad25
Size

12.2MB
MD5

c619c99d873652c66f6fed3dde3c651f
SHA1

7974b95a82b1bc8e9a856db312f0d40733cd1b41
SHA256

1783713f0093c0b6ba6112cc6bdae8cd2a91daa19c651efe7e4e4ac2b3fbad25
SHA512

cc487ec97acb036bca68861b33b17ab0cd9fe31b1b954e1d7bfcc0dc781cbb0c42dbef48b906617516d69168a34409d4cbf8b7f3461ffcd9fb6bcf4c2577b8be
SSDEEP

196608:RU7Zu+p22zd1QrM36NC0wTVcC1uYove/bkhUlMQoAyfMY:RU78mrQQ36NC0wTVhOqICNoAq

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1783713f0093c0b6ba6112cc6bdae8cd2a91daa19c651efe7e4e4ac2b3fbad25

Files

1783713f0093c0b6ba6112cc6bdae8cd2a91daa19c651efe7e4e4ac2b3fbad25
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ