f1590c1c0510957a9c99cf69f35ddb4c8b2ebde85c5d6cec0c5acd3c6e2bd2d1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f1590c1c0510957a9c99cf69f35ddb4c8b2ebde85c5d6cec0c5acd3c6e2bd2d1
Size

691KB
MD5

1b18702d92ba7118edc5b1b96974e6b5
SHA1

574c65064efc19ae92ef23ce83c0a53ca26ee50d
SHA256

f1590c1c0510957a9c99cf69f35ddb4c8b2ebde85c5d6cec0c5acd3c6e2bd2d1
SHA512

643ae01fe5addbc09eb2ef4ae5f6b915d0c6abdb3833cbe4901c2fe7ee0c8cef827bd70fa4fad13632badbce6b7051f0c9bce3c309d1b10d3df5540cb1cb16ff
SSDEEP

12288:KxvEKwCLnQ0KdF71KpQ8EomdIgFp6CgmoN9TfKxb/SfRQwBtARCBxQbzRZU:AEKwCLQ0YFdR3xUf6m9gwGRZU

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

f1590c1c0510957a9c99cf69f35ddb4c8b2ebde85c5d6cec0c5acd3c6e2bd2d1
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 106KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 558KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE