896fa4659601079ef7ad0f8aa2d2f075d1f09e53dce983176938a77f554772e9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

896fa4659601079ef7ad0f8aa2d2f075d1f09e53dce983176938a77f554772e9
Size

3.7MB
MD5

d976f4e0597a049d07b78fe73ef7e40b
SHA1

81ecae377aba6306bba61f384986e375a459c2bc
SHA256

896fa4659601079ef7ad0f8aa2d2f075d1f09e53dce983176938a77f554772e9
SHA512

1ee065a4cabbaf6564894b9ab7ff6f3ac276fc914ebf71785455042e575de4851ae64eae51bc96d8b71a43339a792fee78d054b866da0e63afbe465a000af749
SSDEEP

98304:L1DlSeoF3npu2egcYM8HNAkNrWdIZveciYEyZXNIpXYaQBUVsprf:Bg5pucM8HG2rg+tiYEy/IJYaQV5f

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

896fa4659601079ef7ad0f8aa2d2f075d1f09e53dce983176938a77f554772e9
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 7KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.9MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE