f67e60dde1c9b356f36c5873a68458b0a5c8cfe41f150ec5a0250c3e877e3c54 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f67e60dde1c9b356f36c5873a68458b0a5c8cfe41f150ec5a0250c3e877e3c54
Size

964KB
MD5

08b26a1b29da7c06b97112815f7c39ac
SHA1

b0df4be3789a6896c9efad27b9aa5367ad18fc2f
SHA256

f67e60dde1c9b356f36c5873a68458b0a5c8cfe41f150ec5a0250c3e877e3c54
SHA512

b099a751874d8a84be9933cf30d9876a9e215ee1b62200305fa01ad8f4dfce691a87bc9caac3c165eadb4eee5608aba849469248064e36ac1b3c3efa37a1be59
SSDEEP

24576:SLfArrEulUnofahLIkhLNY/WlMYtcEi1upqtL:6kU8WlMYtcB1uwt

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

f67e60dde1c9b356f36c5873a68458b0a5c8cfe41f150ec5a0250c3e877e3c54
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 690KB - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE