3c9da7e940d3abf6105c1d1eca3687bc6f5743d875735b8423f17ed772bc207a | Triage

Sharing

General

Target

3c9da7e940d3abf6105c1d1eca3687bc6f5743d875735b8423f17ed772bc207a
Size

2.7MB
MD5

74df526100e2457ee827812c7d6ad1f6
SHA1

5588f31515eb9280e97cbd6086049c3a27d0bfc9
SHA256

3c9da7e940d3abf6105c1d1eca3687bc6f5743d875735b8423f17ed772bc207a
SHA512

f9e812d8017666dc42eb675fd7fe3c8f5b6a8cb33176b1d49ed33479d41a33908c87e592e434afd53452016169dac30011d34d5209c2a106a29b5ffd38f58b27
SSDEEP

49152:Rk0KtGLCDovbsZmekBtjnukVIeY5EKEB4rQlnQjPXyOTRySFejg6:fLRAqbVc5EZWPituKg6

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c9da7e940d3abf6105c1d1eca3687bc6f5743d875735b8423f17ed772bc207a

Files

3c9da7e940d3abf6105c1d1eca3687bc6f5743d875735b8423f17ed772bc207a
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 430KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 64KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 511KB - Virtual size: 701KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 35KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ