4500c6e71b1b6dc45a337f78e13f69d97d2e2fc1ab59e53fbff9982296d7c024 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4500c6e71b1b6dc45a337f78e13f69d97d2e2fc1ab59e53fbff9982296d7c024
Size

934KB
MD5

466b71b1e7131aa8b414f2a6c438fc72
SHA1

b4923ff572ef7b99ac0d8c605d5922314bca8168
SHA256

4500c6e71b1b6dc45a337f78e13f69d97d2e2fc1ab59e53fbff9982296d7c024
SHA512

959348f12b0795b5cd318b977fce7c8a6125ae5616b8fda4a4a0cb0bc88937142101ac2e643dee283c444a62d434a621d068045d2101ab0d518ae068b0590f54
SSDEEP

12288:Ok5ckdSRODewPCZFz1YpqzPGIpYXHjreDb2oJH4e7u8TvRU5EH2Hvemt4mOU1W8u:1cmSR0nozWwyVX2DZt7ucRU5EHRmOD

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

4500c6e71b1b6dc45a337f78e13f69d97d2e2fc1ab59e53fbff9982296d7c024
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 24KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 247KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 658KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE