4a68f0ad3c0758aeae9675c4b62260922a0f09cdfd5721bfd25fbf12b00db614

Sharing

Copy URL

Twitter E-mail

General

Target

4a68f0ad3c0758aeae9675c4b62260922a0f09cdfd5721bfd25fbf12b00db614
Size

2.7MB
MD5

e8521910af59327a456d52e94e93eb92
SHA1

0e1bda5903de2c3172f2cd01291b45b6a4250fca
SHA256

b1fb95368c961ca9d884628e63b19a009b359a736ce90532faf2532dbeb91cdd
SHA512

98d2e94f22666397dbe930ff9069286fd04f97233ac857621c3374f51399e6bfaa4e60a6457c20908efe7db2cd55ca91690860ca4203abb794cc6f146ab320c9
SSDEEP

49152:7ZIjq2Ypf4ZuMZd7ziQ7m5MATDtHXT6nqs65pYP6Q+O3iZf/Ns2PtZxdYioYHqrK:7SjNsgYMZ1OQ747D5XTXsqpa6EiFNhYs

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

4a68f0ad3c0758aeae9675c4b62260922a0f09cdfd5721bfd25fbf12b00db614
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 3.6MB - Virtual size: 10.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 10KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 135KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 46KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 195B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 484KB - Virtual size: 889KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 61KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Size: 3.6MB - Virtual size: 10.7MB

Size: 10KB - Virtual size: 23KB

Size: 135KB - Virtual size: 229KB

.bss Size: - Virtual size: 46KB

Size: 1KB - Virtual size: 18KB

Size: 1KB - Virtual size: 3KB

Size: 512B - Virtual size: 195B

Size: 512B - Virtual size: 69B

Size: 484KB - Virtual size: 889KB

Size: 61KB - Virtual size: 286KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.themida Size: - Virtual size: 7.2MB

.boot Size: 4.9MB - Virtual size: 4.9MB

.bss
Size: - Virtual size: 46KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.themida
Size: - Virtual size: 7.2MB

.boot
Size: 4.9MB - Virtual size: 4.9MB