7a2b7950c393657ae2f2ad3aa7a858d0N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7a2b7950c393657ae2f2ad3aa7a858d0N
Size

5.2MB
MD5

7a2b7950c393657ae2f2ad3aa7a858d0
SHA1

11471c96f28865d8e87f8a43ae461bc0f8a42e22
SHA256

44cb3c66a6fbd16f9dda5b44c940ef2c763973e45a9f4c447f620f5a59cd53df
SHA512

770309ff2db585df1c9d4c01ebc77785158d21b7e0d49124f178c9af0bfa1daab9e136e51a343c9d548f360357365986fc709c64355c5f7faea858d252248e5e
SSDEEP

98304:t713Y/7XmHp6Z1c2mN9uZAfOu/LK3+TxjBvBOccHLLmt6axRYHF53q:tx3Y/7XmJ6Zi2mN9uu2ujU+zcHL6XuF5

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a2b7950c393657ae2f2ad3aa7a858d0N

Files

7a2b7950c393657ae2f2ad3aa7a858d0N
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 1.7MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ