bb4b27782aebd1f659189e13326c602ffb42c3b974594052183e51a3a14e8e02 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bb4b27782aebd1f659189e13326c602ffb42c3b974594052183e51a3a14e8e02
Size

860KB
MD5

45b0ae86eb7db1b489d15ea36bf70062
SHA1

7705b00b5f5f2a10d76ff88ee5f1a075979736c7
SHA256

bb4b27782aebd1f659189e13326c602ffb42c3b974594052183e51a3a14e8e02
SHA512

df8a5711d654b26094c353e2822ab546e0f80231048594de374d58b8ea96cc2c58a97d36099898ae563bfc557f87838acab6468f3ec61f27a5b2372e9c708267
SSDEEP

24576:zcKVe2yFeP4qETM6Mh1P8dHeL+ly+0dbhaopnnKNMhCP9iRJoJ1OATfK:zNyF64qGXk4Cnnq9qoK

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

bb4b27782aebd1f659189e13326c602ffb42c3b974594052183e51a3a14e8e02
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 219KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 627KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE