6cd5f3caba368102bcdab197414326e3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6cd5f3caba368102bcdab197414326e3
Size

637KB
MD5

6cd5f3caba368102bcdab197414326e3
SHA1

15313c19fc0f442be998c405d2edd79006ab8b70
SHA256

e4427e0ac4484fecbed77ba4b232be7bb7fcbd154a877126f1d15cee5777214e
SHA512

2b804a48da189426edc01bd5a8abb3cdd8004171686952cd70925e2bb80586fd5f38ce1c28a9382361ed9ea2fb867cfaf893135c76d59a98f0fde3c11862b4b6
SSDEEP

12288:Te+lPX8sOcAyHWo8Tw5ZweCsicJpLsVsFnHvi4KbHZNuZ2zbW+pQs6:emFd5ZweCBkOVsxvxKbHZNp5qs6

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6cd5f3caba368102bcdab197414326e3

Files

6cd5f3caba368102bcdab197414326e3
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 21KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 610KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE