27bc3d8575e584aa2dc37623c04b252544d192da1a4cf1ab9c497d976679c25f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

27bc3d8575e584aa2dc37623c04b252544d192da1a4cf1ab9c497d976679c25f
Size

1.3MB
MD5

1999816196114985048862f7ab913e95
SHA1

511df39c858280ab1cf03bb774e8e3ff45bb986f
SHA256

27bc3d8575e584aa2dc37623c04b252544d192da1a4cf1ab9c497d976679c25f
SHA512

a379f5052c4e4e78f0a75bafa9dd8714321630b06ba0b4f2c65d110ce52a46e84b2486c0bb1c5294ecea97a7375d2de0663bec87fb87fc1db8a0578a80115994
SSDEEP

24576:uNhmtB0giZ4nBzWhmRb9w0KDaUsWINmRTrg+mOIll/z74DaVMNlnj/z:wEgQctDhZRA1zzGain

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

27bc3d8575e584aa2dc37623c04b252544d192da1a4cf1ab9c497d976679c25f
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 422KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 828KB - Virtual size: 836KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE