themida_in_patch_2[.]exe | Triage

Sharing

General

Target

themida_in_patch_2.exe
Size

4.2MB
MD5

ec88729db4d0161d63fe9c3b444fbd45
SHA1

edbb30f09c93aaa07a7a0788af61ad93ee44c27c
SHA256

ee305dfab9cb554ad4cbd2fe59b8b000e6eab42cdb00a7d68555276024b8235d
SHA512

28dbda0efb514812d66f8872bed060e7abbe0b2618c81fc1a9c09c2227d172c5f3a8e5c1a0671f5499611eec4ee7417f0fff8a79b2ed20c6ee87e0aeedc4052a
SSDEEP

98304:UhXUDteV9KyM5fwMedo2AX6x38eurs19eOpI0mAN3tKenT:E8euCpIT+3sa

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
themida_in_patch_2.exe

Files

themida_in_patch_2.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE