28c6ceff26e8f6eebb7b58eadad36a30 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28c6ceff26e8f6eebb7b58eadad36a30
Size

698KB
MD5

28c6ceff26e8f6eebb7b58eadad36a30
SHA1

8028315e21f520e2bd9fb0c1c445bfe0266de3c3
SHA256

e26caa7898eb812352a4f997471ba5cc29ff017f9aa9ebfd3b1f9a7d5e1e3b64
SHA512

be37a038554f61addb266f84179e28f4f5a303e4e49b5ef915d33fcdc5228200bb7094fe440c62900ad90dbee75f54e1c65c7747bf1b4fa4c1811cdee86ae8fa
SSDEEP

12288:RyVQVwYet0nuC8vAirfKw6WTaTTKDKHOc0lddSROc5khVqj9G:RyVV3CWAbyimGHOcPfjE

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28c6ceff26e8f6eebb7b58eadad36a30

Files

28c6ceff26e8f6eebb7b58eadad36a30
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 87KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 606KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE