adb8bd8358049c2093d3d281812fe708f6603c8cccf3d4b9ce76e1aebb1001a4 | Triage

Sharing

General

Target

adb8bd8358049c2093d3d281812fe708f6603c8cccf3d4b9ce76e1aebb1001a4
Size

4.6MB
MD5

2c948a31c4ec0ad94685bfd29d55079f
SHA1

632ea29fc9b1e4476744d57fa1d2ce5900f1f0c9
SHA256

adb8bd8358049c2093d3d281812fe708f6603c8cccf3d4b9ce76e1aebb1001a4
SHA512

06dcbbc6b3ad2c70cea61abb5326b4a642677b64b259d37857b2624d4f7d9a49faed9adbc002fa2d21c2569392f7dd1e3e9fe4a88e29bff7c699d3a20b307053
SSDEEP

98304:92JFi6DOJ8hYNxHvbSB3/NHrhRYzLGIIN7LINS0lRwqNOoMenl7NTXO7t2:92jxDOJ8hYaBPHRM1gUxlRrNOoMElVXH

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adb8bd8358049c2093d3d281812fe708f6603c8cccf3d4b9ce76e1aebb1001a4

Files

adb8bd8358049c2093d3d281812fe708f6603c8cccf3d4b9ce76e1aebb1001a4
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ReadScriptPVF
ijlErrorStr
ijlFree
ijlGetLibVersion
ijlInit
ijlRead
ijlWrite

Sections

Size: 378KB - Virtual size: 764KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 160KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 30KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.exports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ