9fb17c198578d1076691c00dc848fbf9f530fd0b167a5b838415ed3c8a999405 | Triage

Sharing

General

Target

9fb17c198578d1076691c00dc848fbf9f530fd0b167a5b838415ed3c8a999405
Size

3.4MB
MD5

2b7e434e52ff7480ae06ba901f8efbfd
SHA1

65d0d6cbd8a57793fb0043d58c7ededd132f7f39
SHA256

9fb17c198578d1076691c00dc848fbf9f530fd0b167a5b838415ed3c8a999405
SHA512

37934334b6cb09d3e03ddbde3cf03db76f5e1f7aec4d01c0e1b73edc1eb2e94b9db96dc236e669f68a90c99d46205a5da658129902ab7f65638b2d5101ac429a
SSDEEP

49152:6xBeELrmAHlkVpxh4VoQE5vP3qvBUWK7PHx3uWrreCioUlPFxse53QM+p6Z9ql:67eE+/84vP3qZmdKltyeJE6ZAl

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

9fb17c198578d1076691c00dc848fbf9f530fd0b167a5b838415ed3c8a999405
.dll windows x64

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

SpInitInstance
SpLsaModeInitialize

Sections

Size: 298KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 46KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ