bf6fed6716412ae8dd36dd393f1df0a46fdfa105e3dd9e51f351d753e20f8268 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf6fed6716412ae8dd36dd393f1df0a46fdfa105e3dd9e51f351d753e20f8268
Size

627KB
MD5

48e1d1661293239bc26853c2f1ff0fce
SHA1

331a23793371252ef704ee72c5509208ff8abf79
SHA256

bf6fed6716412ae8dd36dd393f1df0a46fdfa105e3dd9e51f351d753e20f8268
SHA512

6047b08e736fabbdfc41bf51552593ef0aa6d896cb767c2b9bf5246bc7982e4e2815b91a7aa8c6ef2ed05be28b1e5d1c58c6538e63ce1ed5efda8a46df86c8a1
SSDEEP

12288:pYO1D8gXbPeDPdEH0MK0eoG090EeFjGjs59QWyxtyz5NItOP7qCnAEuNEp:/1D1LmDlEfteXNZFqsXQWyxtUNIkZnpz

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

bf6fed6716412ae8dd36dd393f1df0a46fdfa105e3dd9e51f351d753e20f8268
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 8KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 607KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE