6dee163800c211604942c25ca0e7d4d2151376a0cf4060edcaa0fe2f5244a3e0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6dee163800c211604942c25ca0e7d4d2151376a0cf4060edcaa0fe2f5244a3e0
Size

4.6MB
MD5

a232a15fd04a9affa0917cdc5c88e68a
SHA1

f32d05590eb902efdd637c2a79f3a5b47e04f797
SHA256

6dee163800c211604942c25ca0e7d4d2151376a0cf4060edcaa0fe2f5244a3e0
SHA512

be7c19a50ebe1fdb448ccff9cd38e4e3fb5bef08d8415a7264ea75cfdcabba05f3724bf96523b743b9868fe120adc1292aa7cf51999e7ad0f73c6c650b4565c1
SSDEEP

98304:0NxuKuXho5eNKxkbfTn0Bi7tXJErIUfjR+k7CIAF7AG6QMFq:0NxuKdd60Bipd+jR779A6VQMFq

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6dee163800c211604942c25ca0e7d4d2151376a0cf4060edcaa0fe2f5244a3e0

Files

6dee163800c211604942c25ca0e7d4d2151376a0cf4060edcaa0fe2f5244a3e0
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ReadScriptPVF
ijlErrorStr
ijlFree
ijlGetLibVersion
ijlInit
ijlRead
ijlWrite

Sections

Size: 377KB - Virtual size: 759KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 160KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 29KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.exports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ