d300285f78b79a708e1f15b6341d4131d3cc13fb26e27015fdb741bda7371ee9 | Triage

Sharing

General

Target

d300285f78b79a708e1f15b6341d4131d3cc13fb26e27015fdb741bda7371ee9
Size

2.7MB
MD5

56c1adc0374d7a9b4c490de2ac89f1a8
SHA1

d42e0f06b86f040ff945e4d94991101455299dd0
SHA256

d300285f78b79a708e1f15b6341d4131d3cc13fb26e27015fdb741bda7371ee9
SHA512

bee35ec98847c635a856d34bdfe4e7cf9c46af83de1e08710ef32136c81f5e6449a93241bc331dba6e8509c4665577f79d2768dbf4d272379800e0b9cf912311
SSDEEP

49152:Lmo+iRbq7Nyl2ACpgwKZnjefCD0SJrQ0qeRTs+j+05ok9:Ljvl2OsCY0Q0qKQ+jlH9

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

d300285f78b79a708e1f15b6341d4131d3cc13fb26e27015fdb741bda7371ee9
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 55KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 13KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ