2b54e2d28bc7a9c694f526713c17208a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b54e2d28bc7a9c694f526713c17208a
Size

700KB
MD5

2b54e2d28bc7a9c694f526713c17208a
SHA1

2682b6dae3b27471e2aeebc8479acf612c36c2ec
SHA256

6074949dd282e0902eddb019172a84227d4caaac123a1f6efa44a0578164ad4f
SHA512

3b1c6e0d48f6bd9511cefeb20e18421d811f20901155bea815a23bb8661a6ed2dd684d05b967c9bb46e11b0ae2648d21b1d376a9d4d99de85257d4aad6879dc9
SSDEEP

12288:pu0C6Dj3g6JzYjve/QH7D0LtXaU6J5N33h3l9UaB/AGz0igPKxQryUpmEqOVtS:puqzw4tL1bk33lVCGz7VxKmEqStS

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b54e2d28bc7a9c694f526713c17208a

Files

2b54e2d28bc7a9c694f526713c17208a
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

A6F86D2D67D9403eA725820C4EF210A2
A6F92A92B69B4082AB0F9C7A9C1FF10C
CheckRuntime
EC1DB9C1620C48588C4701045B242FA9
GetCpuID
GetDiskID
GetMacID
MainDLL

Sections

Size: 96KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 576KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE