a46c0e26242cdb936c30def74bd06a81b0c49d76142d62fb8db83637c2c1622b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a46c0e26242cdb936c30def74bd06a81b0c49d76142d62fb8db83637c2c1622b
Size

1.3MB
MD5

0ae42af5a050dda8553866d44fca496b
SHA1

ac332c4a6be7911ebe01b88967f8cf8a1d88b1aa
SHA256

a46c0e26242cdb936c30def74bd06a81b0c49d76142d62fb8db83637c2c1622b
SHA512

1d22e1a874b7ab016f31cd4d45e6ef43a610e4b48f35b122ddabef0d8ec0727713db4f3ade58fcbbe1130a08c2f827e3813d87e8e9165f409361efa78d12c277
SSDEEP

24576:FHis9NPVBbIo7FTOkuqO9Dwt/2qgA48W6SBHc0L8+i:1isNBbIoxTOlnuuCWlqb

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

a46c0e26242cdb936c30def74bd06a81b0c49d76142d62fb8db83637c2c1622b
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 403KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 334KB - Virtual size: 796KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 634KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE