404832b5a3e3cb6711773251dbd2842f60e691da2a8f1b768b9d295ad3adebbb | Triage

Sharing

General

Target

404832b5a3e3cb6711773251dbd2842f60e691da2a8f1b768b9d295ad3adebbb
Size

4.1MB
MD5

c5ffad0229f7df13b50a957bc63b275a
SHA1

ba66a065d7ee10d940203ccfa3d37f2812fd9074
SHA256

404832b5a3e3cb6711773251dbd2842f60e691da2a8f1b768b9d295ad3adebbb
SHA512

aa7c8b83cbb7247cb97f37c0e48987e1bec17160812dc302003f6dd22cad7e1a0439f1e24138f910643f5f08fba2f224fc93a641578441aa389fca9d36c817f3
SSDEEP

49152:5EsFlvXoHMGoxNoDoklB85XzqETeaIV1OCu2NY7KKI6iW6:5E0XoHMvxNo8kIXzqETeiCu2WGKIl

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

404832b5a3e3cb6711773251dbd2842f60e691da2a8f1b768b9d295ad3adebbb
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE