fd4069d08c6b04d348ba3a98f3d71c4f78be4f288e4edc404aefbc024ea6355d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd4069d08c6b04d348ba3a98f3d71c4f78be4f288e4edc404aefbc024ea6355d
Size

1.9MB
MD5

d0f1c96cf2014e67678b48648b26b48f
SHA1

35c838ce5f57267c0f0ae91ee7a0da9838e20750
SHA256

fd4069d08c6b04d348ba3a98f3d71c4f78be4f288e4edc404aefbc024ea6355d
SHA512

eca69427861d5c490dd418f9e02b56cc081848fc3b55b0902c70857d0bc628b88af88b4e90b6ae769cabda43de7c090744b6f3aa7dd8d54650cbc7bfe1fedf2e
SSDEEP

49152:4fUWNk3pJ/VijeY3b+K+QbMBjkNm5rDx9RuYcmdkd:M2pFVMj+mMxKEDx9Rudmdkd

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

fd4069d08c6b04d348ba3a98f3d71c4f78be4f288e4edc404aefbc024ea6355d
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 398KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 286KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE