d1925b9884391d1693ddc245bd75901bd04a00326b4c83515752bdf7908d3963 | Triage

Sharing

General

Target

d1925b9884391d1693ddc245bd75901bd04a00326b4c83515752bdf7908d3963
Size

1.3MB
MD5

d1a092ca06c0fd60c5ddd79cbbf6599c
SHA1

5046e96c998293676ab9e787067460e395ee9ef1
SHA256

d1925b9884391d1693ddc245bd75901bd04a00326b4c83515752bdf7908d3963
SHA512

c492522dcea5eae3b18294a7678d12b7a8c67d56ef477d34f4d91f8e65dfade712a14832eadbd6cf25293eb68ddf3024f97106a37229dd1b4fcf4c0c833f2411
SSDEEP

24576:30pJ+pR3pLJDitAeJ2JZhLhHxxc1Y8NBBu1q56B0:kje3pG/sxLh4Y8HX

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

d1925b9884391d1693ddc245bd75901bd04a00326b4c83515752bdf7908d3963
.exe windows x86

f433e7fcc51e68080022754836705744

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Sections

Size: 58KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bkj.0cxp
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

38lml5.d
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wig7az8y
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

psv7404f
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0n3mw74t
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ