6ccab40f74e4f047c285d576145dc05cecc4b086f23902a83b7549fbc516c088 | Triage

Sharing

General

Target

6ccab40f74e4f047c285d576145dc05cecc4b086f23902a83b7549fbc516c088
Size

1.5MB
MD5

1b427268e277f11d663b8991b7745921
SHA1

0a79d6995c657489b06d6eee0b36846847afb993
SHA256

6ccab40f74e4f047c285d576145dc05cecc4b086f23902a83b7549fbc516c088
SHA512

0668803f2b1591d4b0460e7754d288506eec440c5a0203f6e5cf7413f9ace039e35148dbd6aada8242aaf37b3ba1c856a8cc230f2f56c11a2427ec7c3889d38f
SSDEEP

24576:FHB+yy4JbCYyK2cC6dbcko2HeKgyYO3SgKaqJOQXM9Qa2hBmLK9Y:FHB1JC7K2oiko2mQKaqxXc12qu9

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

6ccab40f74e4f047c285d576145dc05cecc4b086f23902a83b7549fbc516c088
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 346KB - Virtual size: 736KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MaskPE
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MaskPE
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MaskPE
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.1MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE