b21e4d1d5957c50d6cce156ea0fd7eef72467bfbb0a777f9fac1ea765212cd91 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b21e4d1d5957c50d6cce156ea0fd7eef72467bfbb0a777f9fac1ea765212cd91
Size

3.5MB
MD5

5d8b6de9f7693a4f9182d92569b06d0d
SHA1

c4358774a0ff4597d3c37c89b31dbdbb59f2b830
SHA256

b21e4d1d5957c50d6cce156ea0fd7eef72467bfbb0a777f9fac1ea765212cd91
SHA512

d26206726fc5f2b8d867f282cc58b1c10f5e0412192f6a00d7b4ad2c61b0c130a576867364a270dc9ed4ae12b7f93cce4be2d8e7072f415f5534f688506f0a0d
SSDEEP

98304:Ax1cF6Sy6st+gs/TvV/Eo4AKB3VEg+qQ/6DEOWvzXn6Ml:scIdavV/Eo4AKB3VEg+qQ/6DEOWvzXnt

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

b21e4d1d5957c50d6cce156ea0fd7eef72467bfbb0a777f9fac1ea765212cd91
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 236KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Themida
Size: 3.1MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE