af09b5d4e44984d28cab948950fdc71710ad848218fb8dd8cd12b19a43578cf0 | Triage

Resubmissions

16/04/2023, 06:54

230416-hpfplsah5y 9

16/04/2023, 06:39

230416-hev2jsah2x 9

16/04/2023, 04:47

230416-ferysaae8v 9

Sharing

General

Target

af09b5d4e44984d28cab948950fdc71710ad848218fb8dd8cd12b19a43578cf0
Size

2.0MB
MD5

df482cf88139b56d182435e615b2052b
SHA1

e670fc8dbf9dfc7be0c6d82b33d644ccba0b4715
SHA256

af09b5d4e44984d28cab948950fdc71710ad848218fb8dd8cd12b19a43578cf0
SHA512

078fdce42ee5dc7038fb7da53310518b509328de9bda8c711d6dbcf2b21fd80254267ff986b256b244a4b6222c9894dc9e8543b2f5c10da6905f36001c89a5d5
SSDEEP

49152:KSzamPIPrqR0Ac0b+O1O6ZH0VGh3Zs+e:KSu6IPrqR0ANjOV4Zre

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Files

af09b5d4e44984d28cab948950fdc71710ad848218fb8dd8cd12b19a43578cf0
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 485KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 414KB - Virtual size: 414KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ