d66f1b4703ebcb661736c6d190930b03eac752e45f6fafb32be039e8f6a37814 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d66f1b4703ebcb661736c6d190930b03eac752e45f6fafb32be039e8f6a37814
Size

587KB
MD5

dd7a97902e7805227acde5f7bb28c22b
SHA1

a65e808fe43effe18823e84ffd6b19edeb298fb6
SHA256

d66f1b4703ebcb661736c6d190930b03eac752e45f6fafb32be039e8f6a37814
SHA512

d7c13bc96df9be919564f52d994faa9b7baf4e72e9faa94c8f101e29962cbea9bb723a44905b50dd5c17b950d22fa8754d040983b2bbf932ff4d6caf8d4b26bb
SSDEEP

12288:Y29Thkvxj+p42h/DWwlhG8BduIZwv+14dmcD5npKKupET7:Y291OxjAF/G8BwI6m1JamdE

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

d66f1b4703ebcb661736c6d190930b03eac752e45f6fafb32be039e8f6a37814
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 128KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 531B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 454KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pseudo
Size: 27B - Virtual size: 27B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE