f09198af6a174dd2b19a7d106e89744d4f0c131adc9af3b94a4fd083a0e17fbe | Triage

Resubmissions

05-08-2022 04:11

220805-er2s3segf3 7

04-08-2022 22:19

220804-18g1wscggj 7

Sharing

General

Target

f09198af6a174dd2b19a7d106e89744d4f0c131adc9af3b94a4fd083a0e17fbe
Size

7.3MB
MD5

55c7454a41683458b9be667756006cd8
SHA1

b7231e9d2d7eddfe475f8a9be485fbca0747abc3
SHA256

f09198af6a174dd2b19a7d106e89744d4f0c131adc9af3b94a4fd083a0e17fbe
SHA512

d89486d6c2f97e5a543f98ba4e115b671e4a64279e41e78750a341a45f60a72f46f7aed4c1812b2c350491c79f8b28dab8900bd0271a794b35f952ce9b82d09d
SSDEEP

196608:TvcgrN+67/GUwDQKEuFACq/Z+UPQU7OAXYiP:TcgZ+2G90KJrFUK2YiP

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

f09198af6a174dd2b19a7d106e89744d4f0c131adc9af3b94a4fd083a0e17fbe
.exe windows x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 77B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 607B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ