4a28b94c2370f23f68f78368ba399ee38aaedf3afa52eaf6f84b394e3e435a79 | Triage

Sharing

General

Target

4a28b94c2370f23f68f78368ba399ee38aaedf3afa52eaf6f84b394e3e435a79
Size

2.7MB
MD5

84f53b26739d97cbdcd526c5ec88715d
SHA1

ab1d8d6a13e3c2793408944a83e4dec04a919f14
SHA256

4a28b94c2370f23f68f78368ba399ee38aaedf3afa52eaf6f84b394e3e435a79
SHA512

b825c54e4806165392bc9aff674cf88774e977ac7cf1ec3b40dab4fa04f1c120d1d637a2892a86dd55ffc5a1e26cf2e4e23251c99cd03bd213ba39b0c66dcaca
SSDEEP

49152:0V0sbV7iJxNoeHtzLQe0yckI/H7aSkw/mW+OgoZsgv7bQ+oar+tu:EoXNoeHtXQvhabGmWZgoFv7sVj

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

4a28b94c2370f23f68f78368ba399ee38aaedf3afa52eaf6f84b394e3e435a79
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 94KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 26KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ