70d28a780547d30d7da90c2c0c6827515268512cf8c1788e9397db3f61884274 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70d28a780547d30d7da90c2c0c6827515268512cf8c1788e9397db3f61884274
Size

620KB
MD5

7f283434355d7b5efa829141c183ac60
SHA1

07029454dceca126fa03ef95718196d7a2e27196
SHA256

70d28a780547d30d7da90c2c0c6827515268512cf8c1788e9397db3f61884274
SHA512

39c2f27949dd7d1ad4b8802a21b2207ad9d425194c8a32f3debe00dafd2e4225457ea150544755f44aa6e90d562f2e1496116fc6593ec593648fff7e30cff38b
SSDEEP

12288:uwWc0tooZq/io3HDblVPzr/RTRaADs1FyExiVLUFsRxYr3RjCUVszjrj:upVyoMao3H3ThRJDs6Exg4RGUVu

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

70d28a780547d30d7da90c2c0c6827515268512cf8c1788e9397db3f61884274
.dll regsvr32 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 605KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE