ea26baef68276b481ff717b82519b4cc3de9ad1dea5248402cc4ce0f6d654c9f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ea26baef68276b481ff717b82519b4cc3de9ad1dea5248402cc4ce0f6d654c9f
Size

981KB
MD5

08c34ae2359e6ec8df6b5d51d2b07b30
SHA1

c3d9ca8a18532befe4d90e0f20ec341a45769499
SHA256

ea26baef68276b481ff717b82519b4cc3de9ad1dea5248402cc4ce0f6d654c9f
SHA512

e31aa58775c8820bc50257f16d8695728ed2b3a544ac6e565299eb4089d243a8202cd802512853df184fd75156fffe5388a70dfd474e481ec70065294b40708b
SSDEEP

24576:LZSmM4oy6/jqq/FiLfhyKa7SyW5lYgCWTsgDk5Ec:LZoxy6rqq/kLgK8SRvYgCWTFw2

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

ea26baef68276b481ff717b82519b4cc3de9ad1dea5248402cc4ce0f6d654c9f
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 24KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 250KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 702KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE