bcaa05790a053f2068c464dc690c28cfa2a5717daf0caa351fd045692097409f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bcaa05790a053f2068c464dc690c28cfa2a5717daf0caa351fd045692097409f
Size

781KB
MD5

2b5e7ea6235881245347be1d241c5132
SHA1

39ae39693dc71191b0ba1d3350ebcdf16502f799
SHA256

bcaa05790a053f2068c464dc690c28cfa2a5717daf0caa351fd045692097409f
SHA512

6b45fbd2003bc42bd489ba75f947b5950a3ecf7df1631fd12d6b1cf3aa8da11644a49255526668ac44958904799fe9cc8b5d5cb63036950541b06d45fa4a1542
SSDEEP

24576:JWlttS3n4w7enEde0UfGmaYom1k2E4yQ7bcH:JytA3TdqfvaYoaHE4Jc

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

bcaa05790a053f2068c464dc690c28cfa2a5717daf0caa351fd045692097409f
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 29KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 642KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE