98d4f5e11e07f870b01e1141a1a9d95da3dff8ccdb29894ff26250cb1ed22743 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

98d4f5e11e07f870b01e1141a1a9d95da3dff8ccdb29894ff26250cb1ed22743
Size

3.0MB
MD5

9c04ad7f203722154a67af4726650892
SHA1

978adc11ed4a1936869a8d159c51fd844f2aa86f
SHA256

98d4f5e11e07f870b01e1141a1a9d95da3dff8ccdb29894ff26250cb1ed22743
SHA512

c0759cd97546396f374fa7c128dcc03d5339f93a05591728a0565a725a54f9677174c6df722657f793e85fd43766cff8d53fa2d58cef2c870136ac90d7021756
SSDEEP

49152:IvInJiuHTTYhJwYln6I6tlb9e62Oh9hjAJynmU0egBkulGYh91pE6eQhdPM51jTC:Xnk4TYD6pJBr9hjCynmQgBJQG5fbMjTj

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98d4f5e11e07f870b01e1141a1a9d95da3dff8ccdb29894ff26250cb1ed22743

Files

98d4f5e11e07f870b01e1141a1a9d95da3dff8ccdb29894ff26250cb1ed22743
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 658KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 63KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 385KB - Virtual size: 578KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 48KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ