107789c37f85315b60b467dfc00d9473092959adfbfe736515b8d14ca99f67a5

General

Target

107789c37f85315b60b467dfc00d9473092959adfbfe736515b8d14ca99f67a5
Size

3.0MB
MD5

67af1747e08344eae77a38e2b6a10315
SHA1

7f13fa25bed5e28f874842f18c9948f584b8463a
SHA256

107789c37f85315b60b467dfc00d9473092959adfbfe736515b8d14ca99f67a5
SHA512

72695d08c852663c61bfa0a83b06a02b49a885c4ca026f7a7f8c34dae49d77418b60f5e8f4b31982aa1b7feec7bc6a59b8ec1bde8cfff9cdb2521b8293159d75
SSDEEP

49152:Q0LXPDkB8XjKjQxY1MoEd37l+frNnG9mQBw1yqL7KgmrQrweNrWZjVPD7k+X:QaXromjKljc7l+frNSmQBw1fLRxrvNyR

Score

7^/10

themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack001/9b2e71d1d534f802cae86df5471e0a2093f3d2188fa3188fbbc34fa1ce920568	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9b2e71d1d534f802cae86df5471e0a2093f3d2188fa3188fbbc34fa1ce920568

107789c37f85315b60b467dfc00d9473092959adfbfe736515b8d14ca99f67a5
.zip

Password: infected
9b2e71d1d534f802cae86df5471e0a2093f3d2188fa3188fbbc34fa1ce920568
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 40KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 581B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ