0a071eb59df8f43175f3f844827b12ff31c5361cf5f26e23649fbeb272593a50 | Triage

Sharing

General

Target

0a071eb59df8f43175f3f844827b12ff31c5361cf5f26e23649fbeb272593a50
Size

2.9MB
MD5

8d4d1ee1228799d010934fd4dedb3ffe
SHA1

d9efbc00002d1a094f58db2884e26598a07022bd
SHA256

0a071eb59df8f43175f3f844827b12ff31c5361cf5f26e23649fbeb272593a50
SHA512

4c23ed462afa3b80d6789b39bb44d95c57a753d4b125d21cb2be5e04d20477fd23d39435a387a812f026158985225941eba003f6fe85f7d7d514f7cb1dfcb57a
SSDEEP

49152:D2/eExls6cyHD+no7ukAmoa1S5UCb4YtZshMPElvRybdYpgO/PpTQy:CRrswHD5i0akSZZPGRCYpgO/X

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a071eb59df8f43175f3f844827b12ff31c5361cf5f26e23649fbeb272593a50

Files

0a071eb59df8f43175f3f844827b12ff31c5361cf5f26e23649fbeb272593a50
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Smallnine

Sections

Size: 326KB - Virtual size: 658KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 35KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 35KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 24KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.exports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ