947082bb261b37c9081ffe3c4f3d6195c744a49b08555c2f129d11bd078299b4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

947082bb261b37c9081ffe3c4f3d6195c744a49b08555c2f129d11bd078299b4
Size

2.3MB
MD5

9ed2ce5ca986f357cedf430079f502f6
SHA1

2681572e24b3bf7dbe4f3897314fc64841520840
SHA256

947082bb261b37c9081ffe3c4f3d6195c744a49b08555c2f129d11bd078299b4
SHA512

7ba01d8f052336a5ad36da9a6c78cc26da928aaba28fee0609ab05b9ec30fd643e4201d16cc22740914509509bc34d6f0ca402c9d1aeb3f7fe0b738e58538460
SSDEEP

49152:3LuRRMBaLPqosaC9+0mKYw+Oxtu0UFjQyeN+kT2hWhbeVwK:3LuRUGsaiqKYiu0UFANt0WYwK

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
947082bb261b37c9081ffe3c4f3d6195c744a49b08555c2f129d11bd078299b4

Files

947082bb261b37c9081ffe3c4f3d6195c744a49b08555c2f129d11bd078299b4
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z
??4CTimestampUtil@@QAEAAV0@ABV0@@Z
CreateObject
CreateObjectExt

Sections

Size: 28KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ