998c0edc49ee42770bef9f368ee0343f150c709f3d1c6e2bfb7a9ede9e1e0d58 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

998c0edc49ee42770bef9f368ee0343f150c709f3d1c6e2bfb7a9ede9e1e0d58
Size

705KB
MD5

57f90d1fc2001988b8a078743c7030fc
SHA1

438f7d8b7a45b1619d32da7dd47eded062e2239b
SHA256

998c0edc49ee42770bef9f368ee0343f150c709f3d1c6e2bfb7a9ede9e1e0d58
SHA512

1878b6d0f35eb749d015f35ee99b310c6e8337416e1292d6103665f24f5c78caecc7a85617a69826c875361ad360b504c3047c28dc3a43eb7727b9fa08cb7414
SSDEEP

12288:jKV//WRaFnlnIflfD3YWcimOxsbPiNmnDFxeZiSEKTXLbMxc0UgaWl4TeOM6yBHL:w//cenVqJ3YAmOQDIGKTXLYxc070e4sr

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

998c0edc49ee42770bef9f368ee0343f150c709f3d1c6e2bfb7a9ede9e1e0d58
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 58KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 621KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE