3883d03066e5bd45016c1f77efb07dcc114d998e2fddf5b0036f393d8d4df2b6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3883d03066e5bd45016c1f77efb07dcc114d998e2fddf5b0036f393d8d4df2b6
Size

2.8MB
MD5

13025e35d1340b7fd23b7b45d46c238d
SHA1

3e73c896543983c957d033065c49f2c421ab7660
SHA256

3883d03066e5bd45016c1f77efb07dcc114d998e2fddf5b0036f393d8d4df2b6
SHA512

8b0092b3412786bb8e315f3f4a4b89cb516a803f014b81718a78d42a1e803284c2b87263dc2401426ed1e31b29bb3fba890f6120bf46363e5b01074c94bd4985
SSDEEP

49152:zWfN31GfL2UZa9S1ZXbzWLa5Dbub2ASz9z4J72iakXFrGVmYtHVel:gN1+qUZUSvXbz552yASJz4HBYtc

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3883d03066e5bd45016c1f77efb07dcc114d998e2fddf5b0036f393d8d4df2b6

Files

3883d03066e5bd45016c1f77efb07dcc114d998e2fddf5b0036f393d8d4df2b6
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DiagnoseElse

Sections

Size: 452KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 20KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 28KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ