ffed03a2657c28aead234106b855ae695afffba831982b72c10868a158306d26 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffed03a2657c28aead234106b855ae695afffba831982b72c10868a158306d26
Size

2.7MB
MD5

0cbbff857a01afb4d555526eab16a767
SHA1

be6242be1b917e7d5666ba4c0940638205440b58
SHA256

ffed03a2657c28aead234106b855ae695afffba831982b72c10868a158306d26
SHA512

29af0fe22a7476c4de68115b7b56213967c4a6210170d9092cc6c742d23acf6e58e0fa1266a430823716e9ddc118db261ae840350b8c6fe68dbf0cf09850e554
SSDEEP

49152:2yn4PZrYhl+8jzytpnNDrSPU4IlDJK49MNGqy6y8ttCapCVOaO2RS/:2Q4E+YzmpxWPyK49MNxLCYeRS/

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

ffed03a2657c28aead234106b855ae695afffba831982b72c10868a158306d26
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 16KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mini9
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE