f0f5cfee985630355bc175f987235b3066463f20b7ec16eb6fe480dfe0826932 | Triage

Sharing

General

Target

f0f5cfee985630355bc175f987235b3066463f20b7ec16eb6fe480dfe0826932
Size

2.8MB
MD5

db1c6242f285f50771cad71249efd80d
SHA1

33ce7a04e430f97b0f0e5222bd8aa1959f033df6
SHA256

f0f5cfee985630355bc175f987235b3066463f20b7ec16eb6fe480dfe0826932
SHA512

499cead59cf73e5cae73899153c900d1df792b2be45803f2a166fbbb8857f0097daaea617b219a3b90f039f6c81434379fa77ffadbae54bee9a7435b7af1501f
SSDEEP

49152:ghf7RKIntJWvd0L20FlMqjNEEXUpr/wOli1hcEjqY4mZ/n:gN9Ed0pFlMEDX2rYwis/y

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0f5cfee985630355bc175f987235b3066463f20b7ec16eb6fe480dfe0826932

Files

f0f5cfee985630355bc175f987235b3066463f20b7ec16eb6fe480dfe0826932
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ