bf8218ad467b35e3af2b16e114c1b6f6a300022e57f1ff538d7f376d204bbdd3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf8218ad467b35e3af2b16e114c1b6f6a300022e57f1ff538d7f376d204bbdd3
Size

788KB
MD5

7914dae667477a6475122ee6c382c00b
SHA1

f66fef6471444f6f2b1656f41e350002396728c2
SHA256

bf8218ad467b35e3af2b16e114c1b6f6a300022e57f1ff538d7f376d204bbdd3
SHA512

3656a7c0c3fc0acb4010946792b6791766da43b14c93f7079b2a11911171c4e2d721e4750394f028fa9dd8533be16dd7dac15b2dcfb336558cbf5f1e1090276b
SSDEEP

12288:R2o7KMMkm7kyZ1iLQgfkovNfuTHswOYItdGgpk/9zVDNUYW7m776A:Yo7Kwm7k+ILQumbswE3MBDNiO6A

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

bf8218ad467b35e3af2b16e114c1b6f6a300022e57f1ff538d7f376d204bbdd3
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 215KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 556KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE