d6f7387946d98e6699495bf8520757afc2a694355bb887c9ea6450b706bf77ec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6f7387946d98e6699495bf8520757afc2a694355bb887c9ea6450b706bf77ec
Size

2.8MB
MD5

f7991aae51fab9086bb5b6de50f5dcf7
SHA1

be7e1a70647e33010d770d600e3a881b74f1ef62
SHA256

d6f7387946d98e6699495bf8520757afc2a694355bb887c9ea6450b706bf77ec
SHA512

1fbb5e2375ac147a97e750e0bb08263cb659f60a6681ceae385bf96046d01b178416ce56390344f1c029209e2787a0592ad27e5c9e4bfde48e6d92a07936c3e7
SSDEEP

49152:vdwg4Bz0qz8FHOQIYn7hVqXgXWUfQi40wVlEbHuwmAHH9pGz75dbxgJIuV:vdwg4KRyYlNXLfDpAlcOzGEtd+Jr

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6f7387946d98e6699495bf8520757afc2a694355bb887c9ea6450b706bf77ec

Files

d6f7387946d98e6699495bf8520757afc2a694355bb887c9ea6450b706bf77ec
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 658KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 63KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 382KB - Virtual size: 573KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 47KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ