2eb55630ffab9f62a0e4352c00b15f9c71802c77c0251276bce75b77147b45e0

Sharing

Copy URL Twitter E-mail

General

Target

2eb55630ffab9f62a0e4352c00b15f9c71802c77c0251276bce75b77147b45e0
Size

14.7MB
MD5

bda820b9014da632aa75ec7267503102
SHA1

57684e62ce0def5b885f57030f923b0003a2b1fc
SHA256

2eb55630ffab9f62a0e4352c00b15f9c71802c77c0251276bce75b77147b45e0
SHA512

8992f6fa02550feaf0eab8241adfa2ebdffc77ad73f51f16ba00542c8d0b607bdff6795673d3038d834904d85cf8d203c50161c8c0a04f35a9b74b174c833d65
SSDEEP

393216:C3MYxkoEia3EzDoeldccdxLJSf1rFZ1xyZs63/U:qLJtHzDoeQits51x0S

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2eb55630ffab9f62a0e4352c00b15f9c71802c77c0251276bce75b77147b45e0

Files

2eb55630ffab9f62a0e4352c00b15f9c71802c77c0251276bce75b77147b45e0
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

e2ee_CacheClear
e2ee_CacheDecr
e2ee_CacheDelete
e2ee_CacheExists
e2ee_CacheGet
e2ee_CacheGetMulti
e2ee_CacheGetMultiText
e2ee_CacheGetText
e2ee_CacheIncr
e2ee_CacheSet
e2ee_CacheSetExpire
e2ee_CacheSetText

Sections

Size: 1009KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 113KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 7.9MB - Virtual size: 28.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 145KB - Virtual size: 1001KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 52KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 1009KB - Virtual size: 2.7MB

Size: 113KB - Virtual size: 330KB

Size: 7.9MB - Virtual size: 28.1MB

Size: 145KB - Virtual size: 1001KB

Size: 52KB - Virtual size: 67KB

Size: 512B - Virtual size: 25KB

Size: 2.9MB - Virtual size: 2.9MB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 6KB

.themida Size: - Virtual size: 4.3MB

.boot Size: 2.6MB - Virtual size: 2.6MB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 6KB

.themida
Size: - Virtual size: 4.3MB

.boot
Size: 2.6MB - Virtual size: 2.6MB