cb4b6e361536038bb6554f9bc08bc7ce6f4fbe8cdd8ce66d351132686b36c9ab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cb4b6e361536038bb6554f9bc08bc7ce6f4fbe8cdd8ce66d351132686b36c9ab
Size

1014KB
MD5

5b1c8da7227308a305ff8717c4be0e54
SHA1

e2015aba70c1e12c1e7c1ab04cb36068c82dab03
SHA256

cb4b6e361536038bb6554f9bc08bc7ce6f4fbe8cdd8ce66d351132686b36c9ab
SHA512

28cb7ec9be336bf063d266322018d86adbd153f5f63f19f546e3da5610ef49b4453bf3053330a9452188192b6833c90e81847a58cf06c7c36a70eb03d54fc43e
SSDEEP

24576:RQUxN9C2H+GPNCBgoVUkvc2mDXwuwVddpHObf2yIjV62i8E8l:iUxNr+eEgJ1XCwr8jy8x

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

cb4b6e361536038bb6554f9bc08bc7ce6f4fbe8cdd8ce66d351132686b36c9ab
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 354KB - Virtual size: 820KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 623KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE