88556497794511dde0ca0a1bfee08922288a620c95a8bc6f67d50dbb81684b22 | Triage

Sharing

General

Target

88556497794511dde0ca0a1bfee08922288a620c95a8bc6f67d50dbb81684b22
Size

3.0MB
MD5

1335a17d311b929988693fb526dc4717
SHA1

062830cb07ce430fe049627e001ef23fba8ba351
SHA256

88556497794511dde0ca0a1bfee08922288a620c95a8bc6f67d50dbb81684b22
SHA512

4a4496ed95c7ff13e8735646a6b8c478742a2f152a3733122fcbac54c0cd7c04571acae789c2ac67dc07d542663290c9e32b3335827e122470d8b887477d7bab
SSDEEP

49152:NguQhMOPX5M+RXNM5428gYbM8gkw0Q4qAew+0Fr95s9e54OyRGEK2+qc2LBhW:6/hMOP2a9MLiVed0Zqe54OCGL2NLPW

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88556497794511dde0ca0a1bfee08922288a620c95a8bc6f67d50dbb81684b22

Files

88556497794511dde0ca0a1bfee08922288a620c95a8bc6f67d50dbb81684b22
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 88KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 649B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ