7188cb027a150e49610bd9c9061190299f02dc01609b215bb5286fcde60f7255N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7188cb027a150e49610bd9c9061190299f02dc01609b215bb5286fcde60f7255N
Size

2.6MB
MD5

e78d08d82be8dcf6a31fc9c83c05b3c0
SHA1

3dfb7c7a6e4ae234182c1e72b0118f81815a25aa
SHA256

7188cb027a150e49610bd9c9061190299f02dc01609b215bb5286fcde60f7255
SHA512

884da31edb56c74d8d30c83efab8c26c5452b200e32eec8d653bacb46e16f4b41d9dd953d924611f63141909a2850d0d1e813ed3c760aee7c97006fd6a9c0d08
SSDEEP

49152:lJ5IvAG44oOCdcSzNIJG70V6Do4yV/5mc5aNZJ350zg5bEJ60IZGnpw/YS:lJ5G4DOT5JGIVzh/5aZX0zgd0IZGpwv

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7188cb027a150e49610bd9c9061190299f02dc01609b215bb5286fcde60f7255N

Files

7188cb027a150e49610bd9c9061190299f02dc01609b215bb5286fcde60f7255N
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 34KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ