7d61cd623b2cfc38b74aa5e1b413a92f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7d61cd623b2cfc38b74aa5e1b413a92f
Size

1006KB
MD5

7d61cd623b2cfc38b74aa5e1b413a92f
SHA1

6cec71e0c7c812456e93da04bae4eb687228b4ec
SHA256

e73ac8cca3bf19881e3e9561ca6140717473ac5a27b2357a3eea3fe1db07b1cd
SHA512

61d5e827908fb598f7a99e4f95788abc1e8718b31c1fb956da8d8379148b1cc6ee33b92e2d3c58fbc91bc39e12fe17b8c30e4d7b6970e9d9d071af4c5478f3c0
SSDEEP

24576:A6IOgs8w2uoGpaFVXTA9Q4NlUbWgMbhBGmg0O:APOgiYVXTQlUbFaGmdO

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7d61cd623b2cfc38b74aa5e1b413a92f

Files

7d61cd623b2cfc38b74aa5e1b413a92f
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

AssignNewSpr
EncByte
GetRef
Renew

Sections

Size: 335KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 642KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE