bf89e00364c361a38d01065c981ad41d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf89e00364c361a38d01065c981ad41d
Size

629KB
MD5

bf89e00364c361a38d01065c981ad41d
SHA1

885198197008d6147ba721c929f288cf12779b3c
SHA256

645ebab49e97a20cb846b350bca3d3cd1f5741ae6806c4a4ca7c3c6613b8b320
SHA512

9b07a038f30c02b6bfa42303ee0dd6b37f53817049327fbf6c5e1ec0caf2561fbe82756b77550e6ac0d47ee86b3bc296f358e8baf10fe1d33be55e7f0dbb5e1f
SSDEEP

12288:j6GxcU55Cm4NW4RhQIkjQ2Ssj/synqw4A4wSjUD/kLt7d+TgGgq:mGlCm34RwMdW4wAwXw5rGgq

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf89e00364c361a38d01065c981ad41d

Files

bf89e00364c361a38d01065c981ad41d
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 7KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.v-lizer
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 585KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE