bff57d0db80ce0c76d7bed268ba84aa395bc2ad41a47c45c8292bf2a52d072db | Triage

Sharing

General

Target

bff57d0db80ce0c76d7bed268ba84aa395bc2ad41a47c45c8292bf2a52d072db
Size

2.7MB
MD5

33944a9e78b81f8daf8589fde57a6ab0
SHA1

4f26c57770dc8745e7b31e973ed9bd810f9dd34f
SHA256

bff57d0db80ce0c76d7bed268ba84aa395bc2ad41a47c45c8292bf2a52d072db
SHA512

1ff156a3817a3fba52de59b7243bb8fd5a6fc5d7c1405c8c44fcd5cad01053cc739579b8f57a56c87914a1cfb6effe5e465c069f4c7b9009062af3af26d4ffd3
SSDEEP

49152:wY41Y22MScKl0WGiCmFR/AH1EmLRJHHft0b5Kma67YHiQvhMsFgfiFVXsx6PkP:OYnl0vmX/HmLX/t0ODCQpOOVXzi

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

bff57d0db80ce0c76d7bed268ba84aa395bc2ad41a47c45c8292bf2a52d072db
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 94KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 26KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ