0432fa9a068b9dda73edec2a4b05b972ee68589bad7d9470d89e73b08f1f533a | Triage

Sharing

General

Target

0432fa9a068b9dda73edec2a4b05b972ee68589bad7d9470d89e73b08f1f533a
Size

2.8MB
MD5

614a3b04cdcd3e06426e9de4349b104c
SHA1

520b4007d12b1a2398a763991610c6604ec2ad83
SHA256

0432fa9a068b9dda73edec2a4b05b972ee68589bad7d9470d89e73b08f1f533a
SHA512

4e8e00ca9d239c66891c98e7c5c67a4523e0b06edc3fb74212ebc0dc5ac1bcdb806425cee59e490356807cf5748fa7577c662a9e8031ecac7f02d31804126c4c
SSDEEP

24576:gBxj5Aa6PlBO/zcOWlXIrd3aqh2FVRAAnfV396OyyDGOkuQ/nv7H705J9qjUb0AG:gfutn2N23GvQy3quoqj0SGzxuF

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

0432fa9a068b9dda73edec2a4b05b972ee68589bad7d9470d89e73b08f1f533a
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 55KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 11KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE