6ae504bf50417a40378c1e1f16a636d88a46718d5569a5bfc1237a0d1b649899 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6ae504bf50417a40378c1e1f16a636d88a46718d5569a5bfc1237a0d1b649899
Size

1.2MB
MD5

e30f19f6114442ea1161dd4c6e73c8fa
SHA1

522e03ba5a9413baedde0f6977a4c776a81d8e17
SHA256

6ae504bf50417a40378c1e1f16a636d88a46718d5569a5bfc1237a0d1b649899
SHA512

4d2525113c244cd9a275abb2fd5f0b452df3f015b99b86963b20d351ce791dfcc703aefbc11c84349f2e0ebd0b69ac2e0a09a27748c226e3c891ade764891be7
SSDEEP

24576:WofjuyDNdg8a5PBIWfX1aEBl9VKV1AXigAXMatzeJXyFBlsaVbpN:WoXDNdnacEBl92wvijLHBpN

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

6ae504bf50417a40378c1e1f16a636d88a46718d5569a5bfc1237a0d1b649899
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 305KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 461KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 661KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE