9886f4cd2435917517c733aa6a5aea1924b2df5648b1363bd568e2eb8deefeff | Triage

Sharing

General

Target

9886f4cd2435917517c733aa6a5aea1924b2df5648b1363bd568e2eb8deefeff
Size

987KB
MD5

1a1cbd4f4593310171f3e767bba02018
SHA1

3fac384296ffb4430fee73f9b39377832eb720b8
SHA256

9886f4cd2435917517c733aa6a5aea1924b2df5648b1363bd568e2eb8deefeff
SHA512

b98ee4b12ec333b69acac90e4211aec999505ceec5655300e0bc7bee0995bb4681308b29593d462f369a6fc80eeb5d9989b3feb6680fd105113d3ec03d7414e5
SSDEEP

24576:sGvD+mN5+kPqhyOxyAuCT3+DdSUa4TOb7HW:sGvHO0gyFHadb72

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

9886f4cd2435917517c733aa6a5aea1924b2df5648b1363bd568e2eb8deefeff
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 946KB - Virtual size: 1000KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.!ep
Size: 406B - Virtual size: 1004KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE