b74458febdb02a99dc473345117fadf004cd8d5a03bb300dbba823c1a3c3c328 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b74458febdb02a99dc473345117fadf004cd8d5a03bb300dbba823c1a3c3c328
Size

945KB
MD5

005679cfec1887cf8552f01542c7e99b
SHA1

efc541b5ae36bdf4f340b1367c51b592d1d3b52e
SHA256

b74458febdb02a99dc473345117fadf004cd8d5a03bb300dbba823c1a3c3c328
SHA512

8c17f0e1e06b0e5eeee3cd8d28a83b126198d62405e106131cd7d840bd2cb8fdae0d7349ceb1278202b6ff82dc58690fa823a896c91f2dd1ba9567944786a6a4
SSDEEP

24576:Ioo5x2BkHHRttGhbS8S41e+1HTZ0g7+F:I95eAGh+88MHN

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

b74458febdb02a99dc473345117fadf004cd8d5a03bb300dbba823c1a3c3c328
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 223KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 695KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE