71fb8aadf19061b8f71cefe3e9dbd0a7 | Triage

Sharing

General

Target

71fb8aadf19061b8f71cefe3e9dbd0a7
Size

609KB
MD5

71fb8aadf19061b8f71cefe3e9dbd0a7
SHA1

885bfd3a9c6dbe893f1f026b9366cf9a5c6bc95a
SHA256

ddf052ab539770fe72c783f504d9a6142acf481ff97387b51e364ea915dd53d7
SHA512

d4d3c3195b76a564595a017bef99888e91266e558ba503fbbe7d5fd9ea9bb25857714b9b4db78e2a1c65a7e5c38dadaf20d97ee0a251ce90ef63e4153eb69af0
SSDEEP

12288:YAQFu5Q63fqAXAki8CxY9uai2Os3qDz27nk3PpYyxaOT:Y3YTifJoHYDCk/iO

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71fb8aadf19061b8f71cefe3e9dbd0a7

Files

71fb8aadf19061b8f71cefe3e9dbd0a7
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 595KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE