d4cf3b6ffe9772667628023efb39feb94356357719d41551b2ac4e683f026365 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4cf3b6ffe9772667628023efb39feb94356357719d41551b2ac4e683f026365
Size

3.8MB
MD5

a5f274c0c64c15c8740f3384cc629c91
SHA1

171a35c0cf8a82b021794e61c97060291ee8cede
SHA256

d4cf3b6ffe9772667628023efb39feb94356357719d41551b2ac4e683f026365
SHA512

ad944505b1a0c496d8607d2d56b0a92f91721bee250a798f73e8ae715140c60b305761064779326cd42264d6e34d89eb563a16480aefbb592bb63b404d2a9d0e
SSDEEP

49152:cJ2/ki9W2HTVl+IilZ/NU5ovxtFoCQAm+e6ov1WCE6l7lLZnmcZAybw6ft7bjVU+:Y2siRzVKlZ/yYxcnA+x1xEGpV9AiXU5I

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

d4cf3b6ffe9772667628023efb39feb94356357719d41551b2ac4e683f026365
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 61KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 392B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ