5c8d9a06156df210a3d495dc695db6a55cb923e3bac3a0da517c14c6f77df63a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c8d9a06156df210a3d495dc695db6a55cb923e3bac3a0da517c14c6f77df63a
Size

2.3MB
MD5

b3f8347d2fc58b70eaca04e090b309f7
SHA1

bd173cbc16ddf4b31a882ed6f04031771883afd6
SHA256

5c8d9a06156df210a3d495dc695db6a55cb923e3bac3a0da517c14c6f77df63a
SHA512

8bba479f4d9ad7a17285a05cb1bc2eb2c80f28660fe847bf3be9d85562bc73ed6ddc408e533f91eb4385a8ec901ba7b318d655b3b2c7eaa3feb3ae9a935297a4
SSDEEP

49152:gVG/ml4P2WuIURaLxRgcMKeOqcSWyeJ7JMZ1IPmBDoCu3ONjF2NjT:gVG3P2RIjLxRgcMbczRPP7D+Cj

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c8d9a06156df210a3d495dc695db6a55cb923e3bac3a0da517c14c6f77df63a

Files

5c8d9a06156df210a3d495dc695db6a55cb923e3bac3a0da517c14c6f77df63a
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DiagnoseElse

Sections

Size: 156KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 20KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ