d825991f2c3ff8f9b83f209a9d0e3a59a4ce54c40b57fbb3f0d840a2b758c73e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d825991f2c3ff8f9b83f209a9d0e3a59a4ce54c40b57fbb3f0d840a2b758c73e
Size

774KB
MD5

9fe7d0cc5144d553cdc9da2f3ac0dc7d
SHA1

c6a1b36188116235c37eb98b6baccdc099b1b044
SHA256

d825991f2c3ff8f9b83f209a9d0e3a59a4ce54c40b57fbb3f0d840a2b758c73e
SHA512

73a0eb94b3af32a8466e06d84beb5cc2ee937d9dfb2ba349f8236e7981d8012c403f91faf35a84056cc69a97ec0d8a964aae5947dd5e5855d043e21344f7cafd
SSDEEP

12288:kypfsNRmvTuogsTCn5JfOobRQEeHsRffAu17rceOn7Oq+eub5V6pm816bs5gl/NL:JfsNYLXgsTCj5SJmfoPeOKq00grIgHV

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

d825991f2c3ff8f9b83f209a9d0e3a59a4ce54c40b57fbb3f0d840a2b758c73e
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 5KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 622KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE