5bc416b301ebff9dc682bab54ba56fe8a66d1da93c044267ceff18983af9b1e3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5bc416b301ebff9dc682bab54ba56fe8a66d1da93c044267ceff18983af9b1e3
Size

3.8MB
MD5

f4f519b0c9ca517e5e613753eb58ba0c
SHA1

e76fdfcd9115c815d88649a82cdf42a3244a7fe5
SHA256

5bc416b301ebff9dc682bab54ba56fe8a66d1da93c044267ceff18983af9b1e3
SHA512

ab7720254d4b33bd34b5387d3b06f11e8a46434db2ed2fa4a16710a730412256f19a05b11b204847b71fc2284ea74a30dc1ec5fbdbc0a87bd1dea7c37db78930
SSDEEP

98304:0BeITkhTkAO9DZm0RYhOYiEH6kZ0T5z5oWYUiEgauf0:iAQAQZm0RKao0h5hx60

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bc416b301ebff9dc682bab54ba56fe8a66d1da93c044267ceff18983af9b1e3

Files

5bc416b301ebff9dc682bab54ba56fe8a66d1da93c044267ceff18983af9b1e3
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ