cd1835c56a6e74ae6c209d7c7fa9cbe1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cd1835c56a6e74ae6c209d7c7fa9cbe1
Size

540KB
MD5

cd1835c56a6e74ae6c209d7c7fa9cbe1
SHA1

d81b32b53f9985fef7796329f0e84227962faa14
SHA256

eaeba7ab66f3da59dfe73fbe4267ad83a3b0cb6ab2fe76282ae8e98229627621
SHA512

753ccae5812317581115b462e83d92b55689bacf9df2d1785c948b1a8b5bfe1ce01cad9717e9dfa0975a36274f4d55b6dab6eec5a0945a7c1d37f438c22feead
SSDEEP

12288:Z5KE05zLZwMXrRLnGrIPXfNwOC92gQyt1G4QPCsgnY4kIIrrqSM4n++D:XKuM1GrMoQM6Cs2nerr1D

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd1835c56a6e74ae6c209d7c7fa9cbe1

Files

cd1835c56a6e74ae6c209d7c7fa9cbe1
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

start

Sections

Size: 24KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 508KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE