949e3b23a5072f9090ff5f03e67ef7a799f8417f0809b47950e215f7c42c9379 | Triage

Sharing

General

Target

949e3b23a5072f9090ff5f03e67ef7a799f8417f0809b47950e215f7c42c9379
Size

11.3MB
MD5

8bd782e0c7b1a74e8f1aaf16e87e739c
SHA1

ed44c4096a2f9cd42ad9d5672b6ed2615cee73a6
SHA256

949e3b23a5072f9090ff5f03e67ef7a799f8417f0809b47950e215f7c42c9379
SHA512

8198bc0c0f0f07bdc18160a0bb3fd895a0179da86603ea912727a55368fdf0e6c78cd388661c4f392f46d15fe5241c67b2bd69a73b43bc4f0e0ed0504373c10c
SSDEEP

196608:Fncm7NDix0yiky+aLgdx6AJpRMDibcB6DKgKgo14DIqyG9mPS5/k2zGc:tcmA0yqFQ8AJpqDiboUKVgo1MoG9mPSy

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
949e3b23a5072f9090ff5f03e67ef7a799f8417f0809b47950e215f7c42c9379

Files

949e3b23a5072f9090ff5f03e67ef7a799f8417f0809b47950e215f7c42c9379
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 251KB - Virtual size: 904KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 19.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 11.1MB - Virtual size: 11.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ