de4773f30616c5683f88a1b19439a27e | Triage

Sharing

General

Target

de4773f30616c5683f88a1b19439a27e
Size

452KB
MD5

de4773f30616c5683f88a1b19439a27e
SHA1

8b2af25ff00674dffa1b82cef490b5b4b2ee1c6a
SHA256

3510acfd881aad5a740a933a96458f9147722b184c9970edfb86fc34a9bfe7ef
SHA512

6fa9147c3f41f5d6481cb501aeb76e528ef6ad6104fc559080e227c14b0f9c467af4fefe693fa09f52faf8dba5920fdef75f1d3688008d8bede6bbf804d0f45c
SSDEEP

12288:CLgUAsuFz4B3Nd6ykj49cemR9yl3rx7KY:c3nE+3iyXcemRMhx7

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de4773f30616c5683f88a1b19439a27e

Files

de4773f30616c5683f88a1b19439a27e
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

start

Sections

Size: 24KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 420KB - Virtual size: 988KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE