9cefe757b9ea55bfbff32d10c7a9e61e07e33c72c2229b2cc6e7c52edc2d34db | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9cefe757b9ea55bfbff32d10c7a9e61e07e33c72c2229b2cc6e7c52edc2d34db
Size

934KB
MD5

19b9894a98c28c6a502c9662e666afe5
SHA1

c4234311bb28e44a32735456a685a4295dcae624
SHA256

9cefe757b9ea55bfbff32d10c7a9e61e07e33c72c2229b2cc6e7c52edc2d34db
SHA512

6acf7763ddc5532658323e3427988feaa63db66ee0ceaf9cc077c52f6db6e7183d37f3f9b2fe1acbbc77eedd19f3ff6c083642a16e593cab452f0591b2f3907e
SSDEEP

24576:+8brA2m338MBaMX/iuBWZpH0R6qOFNCPXWaPZBOYvaKRU6:+ShJagH0R6bFNqWaPZBOYv5N

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

9cefe757b9ea55bfbff32d10c7a9e61e07e33c72c2229b2cc6e7c52edc2d34db
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 141KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 740KB - Virtual size: 748KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE