91dddb4e611f8c67d861725d881562cb4b0660f1d071713b4cc8b8d2f1767758 | Triage

Sharing

General

Target

91dddb4e611f8c67d861725d881562cb4b0660f1d071713b4cc8b8d2f1767758
Size

2.9MB
MD5

167d1f7c7288ab824af9c18a09145102
SHA1

e0eb15a2897c257a1af93047e49e45999d859fe5
SHA256

91dddb4e611f8c67d861725d881562cb4b0660f1d071713b4cc8b8d2f1767758
SHA512

dd34ee7be017fdb72ce9ac416784196588d7cee711401af377e534a302f994ae10de0311e41e9d286ace1d1fb86b45e3c6e87066868a1ae26cb3e8fa5e9a1d11
SSDEEP

49152:9ofzhv05AZpDSvpAo6chofH2xL/eBeTLBwJIsCVlKwoZczczNzQE8J5WPqD3oiV:9ofdv0QpIANchJxLvTL2OselKwoZ7zC

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

91dddb4e611f8c67d861725d881562cb4b0660f1d071713b4cc8b8d2f1767758
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 94KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 26KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ