3a48bb3fcdd6733462d837d755c7f09f90399d57364bae905f130009112a8945 | Triage

Sharing

General

Target

3a48bb3fcdd6733462d837d755c7f09f90399d57364bae905f130009112a8945
Size

684.8MB
MD5

cffbeaff6728b94b1157790a0da8c0e0
SHA1

f739e01d798ee1f1c8802daf661fe22a2dc6cb85
SHA256

3a48bb3fcdd6733462d837d755c7f09f90399d57364bae905f130009112a8945
SHA512

afdcc11c9fff4cca1d14d326d4728b3032617b62c2b9ad788b2e78383831cc0240ce0bf428b43e17ef0cb222ccacc99f58ab8b1e9c77804bcaf9bc0033375b76
SSDEEP

98304:G9J/BDT4RZr3mc9UUxFKzxx+SjEnodrlW3hvIroVj0Rdfay6cysWtrW4L:e/9Y3n9UiFe+SWodrlW3HVURp7Wtas

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a48bb3fcdd6733462d837d755c7f09f90399d57364bae905f130009112a8945

Files

3a48bb3fcdd6733462d837d755c7f09f90399d57364bae905f130009112a8945
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 273KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 9.2MB - Virtual size: 9.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE