557a9b0cc7e81ab5b96bc08f51dce28f2c3939045cd9abaf7996c961f28735bd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

557a9b0cc7e81ab5b96bc08f51dce28f2c3939045cd9abaf7996c961f28735bd
Size

3.5MB
MD5

9b4b4ed83d389cd5c40cfc7e5e448bbe
SHA1

e145b2959c3e9cb2704a0f08e6d292935685f5ce
SHA256

557a9b0cc7e81ab5b96bc08f51dce28f2c3939045cd9abaf7996c961f28735bd
SHA512

f269d70db28e9259aebd0cb8b7d98c6b6cc0ed599e614293c9063733a044ff7649e5632ca436533a4d14e63ef99d54dbc719bf1784b4448ff4c6c01ddbc19b60
SSDEEP

49152:5tLvgLwABeROlEkOwiBVdxLCoKFtUWSf/3p1dYkctwxc+1p3dFczqzf3YqEMR0s:/v2fBklkNin26Nckcyp3Lf3YDCh

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

557a9b0cc7e81ab5b96bc08f51dce28f2c3939045cd9abaf7996c961f28735bd
.exe windows:4 windows x86 arch:x86

Code Sign

17:d3:05:6a:dc:29:bc:bc:4b:eb:7c:79:bc:e6:bd:07
Certificate

Issuer

CN=64Signer.4

Not Before

02/12/2021, 19:25

Not After

02/12/2056, 19:25

Subject

CN=64Signer.4

25:09:49:0d:43:ba:a5:cb:81:a7:62:34:2f:0d:56:25:56:7a:36:89
Signer

Actual PE Digest

25:09:49:0d:43:ba:a5:cb:81:a7:62:34:2f:0d:56:25:56:7a:36:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 890KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 70KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 93KB - Virtual size: 708KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ