aa166a247a612ab74a6cadfd95800da0e4b2257d5442fd4e8558ceb05f907f2f | Triage

Sharing

General

Target

aa166a247a612ab74a6cadfd95800da0e4b2257d5442fd4e8558ceb05f907f2f
Size

567KB
MD5

362b306967fa08fa204e968613c48b54
SHA1

1cf8efddf5f9fc1d31084118e1d83deadee06f02
SHA256

aa166a247a612ab74a6cadfd95800da0e4b2257d5442fd4e8558ceb05f907f2f
SHA512

aeb8a09416fd1c639bffa5ee040ea67bccb5bcd40e79bc4edba9c38cb89789d0775c82a111c2c5de5a87b71783bc76aa243619a8405b42f50874f5ba76b05476
SSDEEP

12288:lyMYXbKuqOU43aH55L9Poxai1ABOy12d463NhJZGdbAD:lpYXbKuqkKb9oMi1OOyUd5JwBe

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

aa166a247a612ab74a6cadfd95800da0e4b2257d5442fd4e8558ceb05f907f2f
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

DoMainWork
DoService
ServiceMain

Sections

Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Share
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 466KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE