a9e66bd4bc9e965c2df6cd98992c6b9873c1a3cc23e8a0d809b92c444f7f1c84 | Triage

Sharing

General

Target

a9e66bd4bc9e965c2df6cd98992c6b9873c1a3cc23e8a0d809b92c444f7f1c84
Size

2.7MB
MD5

175d34c56247598761c5f65b547665ff
SHA1

1dbb68bc972c440b3d34bd2398f975e335b66e84
SHA256

a9e66bd4bc9e965c2df6cd98992c6b9873c1a3cc23e8a0d809b92c444f7f1c84
SHA512

53dea2a52acf83c944e105ebb5a5d1c52c6e5808076ae19c6b395fa1f85a61dba13e8050008704224481c509e067acb812a8a09212d1c3b6a716a12536039ae3
SSDEEP

49152:AFuJJsxV8QS+uNKp+RfCES4bpxo9769Sq1j4pOpFyc5LhSiMB4:LJJkVXSX8p+RfPxsQJFycZhSNB4

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

a9e66bd4bc9e965c2df6cd98992c6b9873c1a3cc23e8a0d809b92c444f7f1c84
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 94KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 26KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ