0c61b81dfb083b86b4c23c1bfc19ab20 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c61b81dfb083b86b4c23c1bfc19ab20
Size

733KB
MD5

0c61b81dfb083b86b4c23c1bfc19ab20
SHA1

b17d6b7bd2129f9c983a737b6cd50ae4eb4eb036
SHA256

e4d1b8c9bb3e05b4e76d5ffce07de3a406ace977efaac743a3943047204fec02
SHA512

b18cf040afc207e70e009b267de2c6c23e29fbec3e9b1b6bdbed94d9f07d500dca09c161c8fef10c6e43e95e49c2144f76e2f1a97b19e2d5cab108071cdd90a3
SSDEEP

12288:pRxwZAWw0jTp0BpbY+IzPtAP38H4KrOO8FRixo0+1tC2aEjJQ2CJL868b+:pRxWAAjt0/C7OrXiCH1tv5JQBJL86N

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c61b81dfb083b86b4c23c1bfc19ab20

Files

0c61b81dfb083b86b4c23c1bfc19ab20
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 94KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 624KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE