96f482132062b5c880a6dd50bf573965714dab8e7212d67c355bb8911b074dc1 | Triage

Sharing

General

Target

96f482132062b5c880a6dd50bf573965714dab8e7212d67c355bb8911b074dc1
Size

946KB
MD5

debb97e03bd8b3c83bd9db4792d91755
SHA1

b50ff393ffdeeddcb9f55a5d86fe1c9c7cd7ddb7
SHA256

96f482132062b5c880a6dd50bf573965714dab8e7212d67c355bb8911b074dc1
SHA512

a05ff9d791ce8c6a19ee14c30e95408b788973b3fe0e4eece25bd7873ddc148ba3cca42680631fdbdb443b47a7db9e3b9c9414e17713a594530f0390118ba5c0
SSDEEP

12288:T84PSf84iisDh3TKOWk+GLqovVwKKvwaJ/EQcGxas+3ndp4FBTU+JaJZR6:T8Ff84i9TzPLddKvwaJ/qGxGdqSz

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

96f482132062b5c880a6dd50bf573965714dab8e7212d67c355bb8911b074dc1
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 313KB - Virtual size: 708KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 617KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE