b7e463f3e109b0657994861902d5f8a149c2aedf23f95982a1b1ab3ca6d2623a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b7e463f3e109b0657994861902d5f8a149c2aedf23f95982a1b1ab3ca6d2623a
Size

5.4MB
MD5

08a91b593903f800ca41c3af899e303c
SHA1

4e4017fc51035eaff7b7a2633d7d279f2c405256
SHA256

b7e463f3e109b0657994861902d5f8a149c2aedf23f95982a1b1ab3ca6d2623a
SHA512

7318b48e4c5958e4d29e42dbe6bac1ce15f8f890b58e4dbb9c06fcb61c2b8da7194e95004db67a9376dc4235926f63e292dadf53cc3052bc28dfd61000857efa
SSDEEP

98304:xVgh7b4FkikhtUj6Hlk3OlvtY0m4aylc36JJzFK63KPyy3tl:icqhSZOjdjlxF56PHL

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7e463f3e109b0657994861902d5f8a149c2aedf23f95982a1b1ab3ca6d2623a

Files

b7e463f3e109b0657994861902d5f8a149c2aedf23f95982a1b1ab3ca6d2623a
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 764KB - Virtual size: 761KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE