b8d9d0246af9b54cab59f2bf519d85a750d6214ce7727da915ca5a3e3fe47770 | Triage

Sharing

General

Target

b8d9d0246af9b54cab59f2bf519d85a750d6214ce7727da915ca5a3e3fe47770
Size

2.7MB
MD5

0cd7d534a24826d1174334c36ec3300e
SHA1

dfa63ad66aaec9bb8cadaf8972a81d1d720384fa
SHA256

b8d9d0246af9b54cab59f2bf519d85a750d6214ce7727da915ca5a3e3fe47770
SHA512

4ea07b9abe9b5d2ed9621bdbf6911d356fd3b70a85e8adc3f29cff86a16ed05354b17e960dbbae974ace4d8d3c7e646cc24aa6e872240fc6c7821951317c3de9
SSDEEP

49152:4n/+vQoitBnsBGmewgIDViZqGCsC8Oa+o8u2lKH5Bsh+7fkFgi01vNbp:4FDOG9wvkqGCsC8Yj+5qui01

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8d9d0246af9b54cab59f2bf519d85a750d6214ce7727da915ca5a3e3fe47770

Files

b8d9d0246af9b54cab59f2bf519d85a750d6214ce7727da915ca5a3e3fe47770
.dll windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 478KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 67KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 38KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ