cf8d9b28b3b01d73b11df99a500b34c95cc1ce890b11c8e7d082de24aadd1ffe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf8d9b28b3b01d73b11df99a500b34c95cc1ce890b11c8e7d082de24aadd1ffe
Size

682KB
MD5

6e5a5409d6064063ac66c3ce6adcb676
SHA1

788a2354aa2c5d43bbf77de8b7b3d1b1da6f0605
SHA256

cf8d9b28b3b01d73b11df99a500b34c95cc1ce890b11c8e7d082de24aadd1ffe
SHA512

264380e2c4d113b10a29f39a7a28757bada72b0b9c785296735c92b425ef54eaca7033c2b8a691cf5fe95d275b5c0b23b11234c3b99d544563a6bf2b7feff774
SSDEEP

12288:+yDg3vBEqJ0uezWGAg3/89zFQNXOZEQgHvDcf/RBR7txV6rctIUXO+LTLg:RYyp3/89p8IqvDELR7J6gB8

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

cf8d9b28b3b01d73b11df99a500b34c95cc1ce890b11c8e7d082de24aadd1ffe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 35KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 637KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE