601ec8490fe25f403517a40f67a2139f73941f02db975ce46bb7d854de138c91 | Triage

Sharing

General

Target

601ec8490fe25f403517a40f67a2139f73941f02db975ce46bb7d854de138c91
Size

3.9MB
MD5

a0997befa0affdaa594f96d2dee0b10a
SHA1

36a70410b06c9fba48c72f279b047674276b4f2f
SHA256

601ec8490fe25f403517a40f67a2139f73941f02db975ce46bb7d854de138c91
SHA512

c87fbe565f04b065ee50f4abd36aed1f0305dbb6c90a161a156a2cfc4dcef410efdcbc0d3699ddd651dce52b3f4b7b77e5cc38a9e14c1559bf0d1880b4f977cc
SSDEEP

49152:hMboZmdPhjZL+DxBHFnS6Jh6yYYaftD4lEN70bikBoPpIu2dBd:hMukPhjZL+DLl6zbN70bicYb2jd

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

601ec8490fe25f403517a40f67a2139f73941f02db975ce46bb7d854de138c91
.exe windows x86

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE