ef47cd0866ea91341b4d2abf3a90b76f1b106233d43cb6c48d2a644fd3798902 | Triage

Sharing

General

Target

ef47cd0866ea91341b4d2abf3a90b76f1b106233d43cb6c48d2a644fd3798902
Size

2.6MB
MD5

4929791acec6252b9b64ac7d706dcc6e
SHA1

ce80dc41663e02c282c69192a8bbc514c11e46b2
SHA256

ef47cd0866ea91341b4d2abf3a90b76f1b106233d43cb6c48d2a644fd3798902
SHA512

45027a45de6bd7a6c08ae73c6e4797daff14c9978cc60cfc3bc8a35982412ae190ecafa2b9ba06ecc9ef2f675d32a89c4367a9b6daf1647411ededbc9d86ae6a
SSDEEP

49152:if2OUSB7MyhX7aFQLsSxPHUUjzGxr2EZhphYbyVTF/2cEks7fEHC:457MUX7aFozdUozG5hbYby14b/7fa

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

ef47cd0866ea91341b4d2abf3a90b76f1b106233d43cb6c48d2a644fd3798902
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 104KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ip 54.2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ip 54.2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ