459a5cdce5a8807183c7e76468ade9922e44e9c0cfaf19694968b5258a819560 | Triage

Sharing

General

Target

459a5cdce5a8807183c7e76468ade9922e44e9c0cfaf19694968b5258a819560
Size

1.4MB
MD5

5f694485f38ade6340a0d7939d91de3c
SHA1

792249e1e7892fabe1434a18c12a082a0ecc12fc
SHA256

459a5cdce5a8807183c7e76468ade9922e44e9c0cfaf19694968b5258a819560
SHA512

cd4fa0d98663f5fed934697b2c03abab966a75a1feb911e14807a82b02bba6ad17fcfc974485efc297ac430b5d41e5d01e2f1ae0d9d6f339b13efaae9d66e530
SSDEEP

24576:YupbgxFrk3Z+FQ22VV03bbxYc9DoXGupWuPo/VaycTw92h:Xpb8Wk2H0r2SD/VfCh

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

459a5cdce5a8807183c7e76468ade9922e44e9c0cfaf19694968b5258a819560
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@@Csocket@Finalize
@@Csocket@Initialize
@@Ffrmbot@Finalize
@@Ffrmbot@Initialize
@@Ffrmlogin@Finalize
@@Ffrmlogin@Initialize
@@Main@Finalize
@@Main@Initialize
___CPPdebugHook
_dlgAddition
_dlgCZ
_dlgParty
_frmBot
_frmLogin

Sections

Size: 724KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 698KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE