3feaaba09135865efefc514a8c9d68f1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3feaaba09135865efefc514a8c9d68f1
Size

1.2MB
MD5

3feaaba09135865efefc514a8c9d68f1
SHA1

36e148913c0bce963857b82788e63c5877f7bfc2
SHA256

5fd25bb5f7b59681abb85cb0b3bb47b6adee831f819e135d81ea6a21b1daeabc
SHA512

c2927977dc0bbba08fd53e06afb46324e38a039ac4ab65da2f584d9ddd401c422972512f5596bb244aed03e7aa7a74d09d11f0071dd3b69c51243c6eabb3c3f8
SSDEEP

24576:z3h41DNIhw1i96k1/rmODdzC2rlBVwSzFCXjttXn5Lp2dUgLOiT:z3h415IhrDdzCmxwltt2mQOiT

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3feaaba09135865efefc514a8c9d68f1

Files

3feaaba09135865efefc514a8c9d68f1
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Tranform

Sections

Size: 496KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 656KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE