903267520ee5e6c989eaae9a03e1bcd2652e3b5754c5426e043a4fe421fb68b5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

903267520ee5e6c989eaae9a03e1bcd2652e3b5754c5426e043a4fe421fb68b5
Size

3.2MB
MD5

1fe67b38d30e922c57926b6482f3c244
SHA1

caf215cd090d4de1861e0ec9b437091968abce0d
SHA256

903267520ee5e6c989eaae9a03e1bcd2652e3b5754c5426e043a4fe421fb68b5
SHA512

ed197f3f38951647455652681a0f36f26ab34f15f5f4ecc8dd5bcc340a6227cabed97fce06a9c5f6baf18e2b8640950881775d83bf31f19bcbc6a7ccdf2d100a
SSDEEP

49152:/6vQH2sY0jWUMBQCND/9oCdNM6vrZWO8v3F5Zn/50wofL1sa3gi/v4Z4u9S1:EK2s9WUMfTNpTcDV7nK/1sarvi4sS

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

903267520ee5e6c989eaae9a03e1bcd2652e3b5754c5426e043a4fe421fb68b5
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 632B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ