e5455a119f593253845eeec889045b9ae2d9a7cbbb016d2a2ddf2dee1db9b88c | Triage

Sharing

General

Target

e5455a119f593253845eeec889045b9ae2d9a7cbbb016d2a2ddf2dee1db9b88c
Size

4.2MB
MD5

b1581c78c9cd65da0c422bfea1d64e76
SHA1

49fe4d2f03e8190e5c80fff786941f104821862f
SHA256

b20943b255e70f5e217973d95ff88062ed0f951fe307478405f37bd3948a82b0
SHA512

773ba88ae861b4c066ce8d659794d94a0762bb693fb86bd40bc38a967fa4cb1d6ff8b0839e150d3df2a6bb011fe38462e90ffd35f7d52e9a02f46b490ba3dc6d
SSDEEP

49152:vgcmDDZh4LInHgXoXYLUHzDuJyVUlhy9wELXBcuf7mdDDNu4QGyaVOiUqTMhV/uZ:vn0nHy7UTDzV9e+uuDmfu49JVOirK/uZ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

e5455a119f593253845eeec889045b9ae2d9a7cbbb016d2a2ddf2dee1db9b88c
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 18KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 244KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE