30435af97b1c2395ba534d4e59b795d33c58a13cfd0bc1ca750e13242f8228bd | Triage

Sharing

General

Target

30435af97b1c2395ba534d4e59b795d33c58a13cfd0bc1ca750e13242f8228bd
Size

3.9MB
MD5

e12e7deac21ad7c31da07334d8091489
SHA1

4faa110b8fab039cec6ab6c6a5ce0e965ae54aa8
SHA256

30435af97b1c2395ba534d4e59b795d33c58a13cfd0bc1ca750e13242f8228bd
SHA512

c9d615446850a012d3b5b8b7b26f6d33d3f87d4657d86d8f2bb4406c62f13be0de563f9bdba1c5ee6718605b1f60746c288921baae11c0dc4f7d1ae2cbb293a6
SSDEEP

49152:/USI3hy1BJp5Bl9cD8UiktkB01u6UGl4pFTnifchm:/USIxy1BJp5rSzikKO1u6l4Hnifchm

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

30435af97b1c2395ba534d4e59b795d33c58a13cfd0bc1ca750e13242f8228bd
.exe windows x86

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE