944788dc55e273f39ee26c7ee8b11193030188e4a78a79cdc560856e1817d7ad | Triage

Sharing

General

Target

944788dc55e273f39ee26c7ee8b11193030188e4a78a79cdc560856e1817d7ad
Size

2.9MB
MD5

c8f92704cdeea742baffdd2850c6447f
SHA1

b38f8703fbb1f1051068136a65403a0e9d97c4c9
SHA256

944788dc55e273f39ee26c7ee8b11193030188e4a78a79cdc560856e1817d7ad
SHA512

ece09e94fb466eba0edadb65dba0eb711c52852e64da9f933f1c093bfe996c465a1f1c068792166ac826888ee1a23d8122ef450d9777753e7428cfe2b5fbec39
SSDEEP

49152:UVW68ya6eDs40apruwq+t8g3vKWlcbLR3nns4oqW8BjDZA/Nn6k+eIZZxtscR3y:UVBAZ0ap6uJ/FIIqWu3ZAFn6osZxKgp

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

944788dc55e273f39ee26c7ee8b11193030188e4a78a79cdc560856e1817d7ad
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 91KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 345KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ