0dcc1585795fea0c678970a0402430367bfa70e9893d092dec860ae28ece541a

General

Target

0dcc1585795fea0c678970a0402430367bfa70e9893d092dec860ae28ece541a
Size

857KB
MD5

48a9503601347042a55b1d903fc43610
SHA1

70ac9cac4a165faa65beb20c89d2618554463ff1
SHA256

0dcc1585795fea0c678970a0402430367bfa70e9893d092dec860ae28ece541a
SHA512

84729b797f143343fffb501306b1ff6cca56da12daf22d4cca7619dfe981b4e9d1eb03744adfb2ef29e2f6c89b4f6b43aa2e9166fc41bc5ac1623b709b9f89f3
SSDEEP

24576:djs3pPYoAuSlA13hp+lEA3PSgz0daGwF4Lw8J+:0plDSM4X3PSgz0/wC8++

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/U_U.exe	themida

Files

0dcc1585795fea0c678970a0402430367bfa70e9893d092dec860ae28ece541a
.cab
U_U.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 640KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WINDOW~1.EXE
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Size: 36KB - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 4KB

Themida Size: 640KB - Virtual size: 644KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 192KB - Virtual size: 192KB

.sdata Size: 512B - Virtual size: 152B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

.rsrc
Size: 4KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 4KB

Themida
Size: 640KB - Virtual size: 644KB

.text
Size: 192KB - Virtual size: 192KB

.sdata
Size: 512B - Virtual size: 152B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B