9dc1b9597cedfb7a815ee075032af43dce31b9f8a6ed024367a896b45c6c1790 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9dc1b9597cedfb7a815ee075032af43dce31b9f8a6ed024367a896b45c6c1790
Size

651KB
MD5

f98f79ef4617992603b0a7d648034c54
SHA1

65ae59b286e0d4746f2d644eb190b95af2119e64
SHA256

9dc1b9597cedfb7a815ee075032af43dce31b9f8a6ed024367a896b45c6c1790
SHA512

226753402dab7af9ec0ada8cb1abe839a8070fe046e6129a8865d59b8c45b9b7d2fbd933aeb414e1bfeb7aab7a2b8301851d60b9685be806be3248885eb06750
SSDEEP

12288:CxEANKB6Lms1Iq0sMxBbuamrw+7FvnXFNmcu+OzNzOqxtCe6SZAdtwn11SlH:9ANO6S3qN5H711NF1OzNDx5ZAX9

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

9dc1b9597cedfb7a815ee075032af43dce31b9f8a6ed024367a896b45c6c1790
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 634KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE