ed6f7e7d6b1cf373f5cf5d011b01805b317b39d94da01c28c15bce0988cb611c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ed6f7e7d6b1cf373f5cf5d011b01805b317b39d94da01c28c15bce0988cb611c
Size

760KB
MD5

1dc088c1593093e3152843a8ff0eeec0
SHA1

27c4e84cb06e012e5dfee9f6b94018fc7d1ef7a0
SHA256

ed6f7e7d6b1cf373f5cf5d011b01805b317b39d94da01c28c15bce0988cb611c
SHA512

9321653482abee916ea02a3ef08ace68bb090d2555ebf382ea1630358d2d28312856167d2577241126fff28584630583f1cbe794a3996eac2356f1250e075acf
SSDEEP

12288:1z2IzebJpcx2mzF0ifxdetklgZ/1t8Lnzs5XdzTwbhdd5kOTZutpw5aTogFQ8xc0:1z2Izebkow33e2Lzxt3iW5QoN+czsJ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

ed6f7e7d6b1cf373f5cf5d011b01805b317b39d94da01c28c15bce0988cb611c
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 106KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 626KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE