1b301ece76f0b0c19c780ea91d23a4e5bb60d77c4356ce840824c0ebee11dd42 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b301ece76f0b0c19c780ea91d23a4e5bb60d77c4356ce840824c0ebee11dd42
Size

5.0MB
MD5

0339c5d63aecf704af65efe9c41c500d
SHA1

085221910328dededefa00101cca781d15b32887
SHA256

1b301ece76f0b0c19c780ea91d23a4e5bb60d77c4356ce840824c0ebee11dd42
SHA512

87bb8be31b27290bd6808748eaba413dee9637a6aa489ee10d1c97c4f09d707c8d432c5370006720b99de3f039f73492b02f9e50b11daf04016c36f3c9b7eebf
SSDEEP

49152:VPqWlDnJftHg8rug2OA8TCFELRINKioYeAIlEgFS6IRjMeRZ0g8BW43pXkEan5AZ:VPqWnR1ruGOF2RKUnVFSNL0g896Veb

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

1b301ece76f0b0c19c780ea91d23a4e5bb60d77c4356ce840824c0ebee11dd42
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 558KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE