a9b656c17a9d3a0570379b610cf401b3943b56d24b058e06d7069c50c9a72bc2 | Triage

Sharing

General

Target

a9b656c17a9d3a0570379b610cf401b3943b56d24b058e06d7069c50c9a72bc2
Size

5.9MB
MD5

b7ac2f768c7bb77ab0b9400202c3f36f
SHA1

82d5e1f755589c7281112451a141b46d12222918
SHA256

a9b656c17a9d3a0570379b610cf401b3943b56d24b058e06d7069c50c9a72bc2
SHA512

fed4fde71b9371e3cfb126d3cefec51e9eda6850c1efb46ab845a33c525b8a9eb82107d5ac9526c8d93aeb18aeda659178caad2c18cdb77abf39ee3bf79b57ad
SSDEEP

98304:SXw3mWbc4g+l9W8+LUbD2eyLyT+OzzAeimmHyFvLgSBXJygEqD5:sw2gzgY9X7P2e1TVBiARLvXREqD5

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9b656c17a9d3a0570379b610cf401b3943b56d24b058e06d7069c50c9a72bc2

Files

a9b656c17a9d3a0570379b610cf401b3943b56d24b058e06d7069c50c9a72bc2
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 620KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 96KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 192KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 41KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ