34683f570c9293f66f92bd9afbf23dd1c0eb40894e4d4d33dc1096952fc4d59e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

34683f570c9293f66f92bd9afbf23dd1c0eb40894e4d4d33dc1096952fc4d59e
Size

920KB
MD5

21524de93c1eaf72338c5d00054cd2f9
SHA1

7f69f3a0ed6133cfeb3a8d9d4b4b2acfb8b4140d
SHA256

34683f570c9293f66f92bd9afbf23dd1c0eb40894e4d4d33dc1096952fc4d59e
SHA512

f8daaecbdb2f671f3237088061c749890d0606b04678e2c5cdda9fb1164bf790b3c19baf43aa50f298c94c35aa3b7c4f2720826945859270b65cc6d9a022058f
SSDEEP

24576:MCnYw/fEvm1F/JpL37rZmFVCqrJziddmcP:nYw3EApaCSJzidP

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

34683f570c9293f66f92bd9afbf23dd1c0eb40894e4d4d33dc1096952fc4d59e
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 768KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NewIID
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE