be8e8b8a0b4ab5f9c65f80a58f57ee79d0650bb54a99cbb9d8d02fed4f8739ce | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be8e8b8a0b4ab5f9c65f80a58f57ee79d0650bb54a99cbb9d8d02fed4f8739ce
Size

2.2MB
MD5

a621cfe0ad2910f7ddc89099cb4abc11
SHA1

f3860c99a3365ee322206c93e77ae0e6e57f88e2
SHA256

be8e8b8a0b4ab5f9c65f80a58f57ee79d0650bb54a99cbb9d8d02fed4f8739ce
SHA512

2cce9c2b28ceafe14cb9ee4085ae1758a23a2774af34d212983b967770f5b6c7375199ec41d5ffb01c5fdce50e5508a67d094e13a2659d58218456dcdabb0747
SSDEEP

49152:mSpUdiSXeMWVRpG+NpO4wcPGaWn7hsqXFNpuOiRxMG6UIM0:mSp0i4p+Lb3wcPGaWSqjpouG6UI

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be8e8b8a0b4ab5f9c65f80a58f57ee79d0650bb54a99cbb9d8d02fed4f8739ce

Files

be8e8b8a0b4ab5f9c65f80a58f57ee79d0650bb54a99cbb9d8d02fed4f8739ce
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z
??4CTimestampUtil@@QAEAAV0@ABV0@@Z
CreateObject
CreateObjectExt

Sections

Size: 51KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 10KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ