d40e572f4b1c057ca9b116e511d19dba523e27dfaa44273ebf76ec66e92fa114 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d40e572f4b1c057ca9b116e511d19dba523e27dfaa44273ebf76ec66e92fa114
Size

1.6MB
MD5

e3bbb6fc2d96a3e636eaae132dc15324
SHA1

e7bde5c49f624a4f32614c7a60e8c3765d607565
SHA256

d40e572f4b1c057ca9b116e511d19dba523e27dfaa44273ebf76ec66e92fa114
SHA512

33e76ef767c6e047c3f7a186835cf6fd96abb9b54300abdba2d888d8c2466ec952582023d2c064430c69030413b8bd15b173fa12a790db7847839e26a4c2a16f
SSDEEP

49152:DFupedElOztamxlKyHz2rIvYouwutH67eEq8T46nQB:Y0zDxlKyT2rIutH6aEq8T46QB

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

d40e572f4b1c057ca9b116e511d19dba523e27dfaa44273ebf76ec66e92fa114
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

@@Addnic@Finalize
@@Addnic@Initialize
@@Setinfo@Finalize
@@Setinfo@Initialize
@@Util@Finalize
@@Util@Initialize
__GetExceptDLLinfo
___CPPdebugHook
_fmAddNic
_fmNicInfo

Sections

Size: 264KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.3MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE