986a1dcee0d022c4352f81b751d338cb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

986a1dcee0d022c4352f81b751d338cb
Size

643KB
MD5

986a1dcee0d022c4352f81b751d338cb
SHA1

c783698f91f1edc56419a28e272ae6643d38a081
SHA256

3a9ece35b18fe589242167bbeba7a9af2a2c991fe78f2cd99f6cc725f5183be2
SHA512

ccd29d048b30fb05b5f1305088df9d19343d666f96d00775f2c2765a47d10c18c1109d97489cc0ffa81910d66ddb2c2ae38427626a861f30f6221a98380b7134
SSDEEP

12288:nSbhKxGPq0j6wDklUKcjRP1YvfC06Bmiu+TJuq/3K:nSbqaL6KklUh6va0WDJwq/

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
986a1dcee0d022c4352f81b751d338cb

Files

986a1dcee0d022c4352f81b751d338cb
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 7KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.v-lizer
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 597KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE