957b1a13e43fa3800f994389f5a9b4eb13e92756a3102dd56af0927cd33fe68b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

957b1a13e43fa3800f994389f5a9b4eb13e92756a3102dd56af0927cd33fe68b
Size

2.4MB
MD5

2fee9ceae002e0673144201e112ecef2
SHA1

05b064f4cb4fcbb4b8bb07b5b414c17120d736bb
SHA256

957b1a13e43fa3800f994389f5a9b4eb13e92756a3102dd56af0927cd33fe68b
SHA512

61017e6993cefa1b62633c5ab2f6ac6632e2260998a80003d37a680f30339fee787e40434fcbc4021fb12436c21c726e6ed8d64cf9aafc8f9355f691d4ab4f02
SSDEEP

49152:K3bvT3IWiguj9qdPAWNITr1dsN7KIAyLo013GgVcwiz:K3bL4wuJqSWiP1c7fAyLV0U

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
957b1a13e43fa3800f994389f5a9b4eb13e92756a3102dd56af0927cd33fe68b

Files

957b1a13e43fa3800f994389f5a9b4eb13e92756a3102dd56af0927cd33fe68b
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 380KB - Virtual size: 996KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 59KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 513KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 32KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ