a0af9e4302bd6b77cbc547e98ee46a3d19832308d003c5a792bf438a24f02d10 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a0af9e4302bd6b77cbc547e98ee46a3d19832308d003c5a792bf438a24f02d10
Size

10.4MB
MD5

8a85fbe198737ea6a0d7349811ecef53
SHA1

b139431d130ca2dba18267a1fe5033a06c7c5eda
SHA256

a0af9e4302bd6b77cbc547e98ee46a3d19832308d003c5a792bf438a24f02d10
SHA512

ffd9c658f90c0ed62616c6a1b768420e21157440895761e056257fc51965830a30bafc5c91b8be52188cc1db4bec49cf1fd7b7adf401e2d1c929807e759206b6
SSDEEP

196608:ufyYMJkWhOsf+FtM2NdpToYBXWdPB2FpYrrNCxQ1/BzmGt0LnIRcJjG3qX74Y:M9MJkwPf+XdxBX2PMFucxQ1Bx0EcJ63Q

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0af9e4302bd6b77cbc547e98ee46a3d19832308d003c5a792bf438a24f02d10

Files

a0af9e4302bd6b77cbc547e98ee46a3d19832308d003c5a792bf438a24f02d10
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 684KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5.9MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 28KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ