81fc4a18e78d15fe37ef6e846d494493b7981d414873094bcd5d7550ef3b225b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

81fc4a18e78d15fe37ef6e846d494493b7981d414873094bcd5d7550ef3b225b
Size

3.1MB
MD5

9ea31c1d08da9161b4ce3201067e75e7
SHA1

6a81e192e79cab704f5e058369140d79ca9efbc6
SHA256

81fc4a18e78d15fe37ef6e846d494493b7981d414873094bcd5d7550ef3b225b
SHA512

a86b33c157617a1d06f4f840a62f0d1a08a06313e2ef92fb6edc720009d29ec2b731dedb9cd8d4b11ca38ca4feec109956c3d9a448b5fdae08c63fc88f77a89e
SSDEEP

49152:Uskx/MHTq1INjQZHsLfnQpxw/iDNrxlUx01JnYHQx8krUVgH:qZIBQpO3aFlUx0rn2HkrUV

Score

10^/10

themida

Malware Config

Signatures

Detects executables packed with Themida 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Themida

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81fc4a18e78d15fe37ef6e846d494493b7981d414873094bcd5d7550ef3b225b

Files

81fc4a18e78d15fe37ef6e846d494493b7981d414873094bcd5d7550ef3b225b
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CreateItemManagerProcess

Sections

Size: 768KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 88KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 381KB - Virtual size: 571KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 52KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ