e4938609be5b3a983e0623984baa6a7e77c79b5788402067f8f30935ea08265d | Triage

Sharing

General

Target

e4938609be5b3a983e0623984baa6a7e77c79b5788402067f8f30935ea08265d
Size

724KB
MD5

3096b3eb25bae5008a7a9c9939b0b92d
SHA1

47f2d6c9cdbc2d428daa54dbed365b1168771c0c
SHA256

e4938609be5b3a983e0623984baa6a7e77c79b5788402067f8f30935ea08265d
SHA512

a7ae65dd303cff0f3c404ab0915af928d143f69e8b06eec7738f59de469d679590f631b125692d608943600563bbfa1929e3f3c7ea1db3f1d5cdc8af3b397d3b
SSDEEP

12288:Bpr0l2GuYca268V1k0B2RVMOIPfN4Wnr4uuNTR5MOyUW11zosJop+A0kZ:frA2WVl0BeVhInN4YWTXM50R

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

e4938609be5b3a983e0623984baa6a7e77c79b5788402067f8f30935ea08265d
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 614KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE