735c90e7877b747a441dcc8fef6f9ae11d3540f811ad04b827e10140a36f8c12 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

735c90e7877b747a441dcc8fef6f9ae11d3540f811ad04b827e10140a36f8c12
Size

112KB
MD5

46d633938491b0fdabf75f9f58c5ccdc
SHA1

f737fffd70cc076b273e8c769e2ae2eb65b56741
SHA256

735c90e7877b747a441dcc8fef6f9ae11d3540f811ad04b827e10140a36f8c12
SHA512

679b1e6315ec2b189677b06f9382fc69ef3d24e1f61aa5fe12d2d134465de0529839ea75c1a0944d1173b535721188b55783f21f9d96826a769a3547337f67e3
SSDEEP

3072:lPCXWg+0Y1mI6mQQmND7vT3q6rRjG0BY2SnLK5:1C5Y1m4AbT3q6rRjGR2SnLK5

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
735c90e7877b747a441dcc8fef6f9ae11d3540f811ad04b827e10140a36f8c12

Files

735c90e7877b747a441dcc8fef6f9ae11d3540f811ad04b827e10140a36f8c12
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 624KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE