cd3b9c66213fa7e7190660873c32a8636611337bd920b8ed958aa13e0e87aeeb | Triage

Sharing

General

Target

cd3b9c66213fa7e7190660873c32a8636611337bd920b8ed958aa13e0e87aeeb
Size

2.8MB
MD5

9901fb69fdea55077dcbc9ced6edc819
SHA1

1722d267efd1830b0497941dac662f4f21b78afb
SHA256

cd3b9c66213fa7e7190660873c32a8636611337bd920b8ed958aa13e0e87aeeb
SHA512

0293190282c69d8cbad43bd589d6a56784f34278955947db50ed9a5054f481c7d1608493a8986c3927b2a7bb676612695461174514c263d658ad63c703df4645
SSDEEP

49152:edQ25PlJ0WlqkF2VoRhZX9g1m73ETC8or2eCD8IUFuEMcfFgM0nfNy+QNWYYOu4:Z2PbLPF8yhZX9zjP8ordDIUFUM0nfNy

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

cd3b9c66213fa7e7190660873c32a8636611337bd920b8ed958aa13e0e87aeeb
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 100KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Q*jr%Lr8
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Q*jr%Lr8
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 379KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ