805c76a357401359dee82c4d155b9736af58523da62dd11299eaafe0beb1e3da | Triage

Sharing

Copy URL Twitter E-mail

General

Target

805c76a357401359dee82c4d155b9736af58523da62dd11299eaafe0beb1e3da
Size

2.1MB
MD5

8484279a7acd5e33823c96fe9afb0561
SHA1

63c4c81907eae6e87bb4bf392ad4488b34e0591a
SHA256

805c76a357401359dee82c4d155b9736af58523da62dd11299eaafe0beb1e3da
SHA512

c7d2d3b07bf1c61e742ecb3803bdca7e62dadb92da570c005abcf1dd4a55d5828c8614e7fa736059b487a4287c3f913e0838be91f68f39d63a3b6b415fc4460f
SSDEEP

49152:hhhF1x/xsWHhkv0Jfwi24flH+8gNzizDh+FTl2tbZXq:hhhVTHhkvkwiRHvYink9l2

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

805c76a357401359dee82c4d155b9736af58523da62dd11299eaafe0beb1e3da
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 24KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 256KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.8MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE