528ae998c9ee4a01354761090c857065c67b0250b35d07d523b7a6e155c8f86b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

528ae998c9ee4a01354761090c857065c67b0250b35d07d523b7a6e155c8f86b
Size

2.3MB
MD5

c53177c10457c5db8bdd523790f8b453
SHA1

36e59c429900fc09cacc7aa917d246375539d605
SHA256

528ae998c9ee4a01354761090c857065c67b0250b35d07d523b7a6e155c8f86b
SHA512

fc6535eee5206374993695942ea80c4d5926316d07b2cd26de8fe36614febbcbe800027f9a7bf4200b3dd3288cb38e0d3e4b2b29494d8a56933016351e1aaea2
SSDEEP

49152:L+sA7GPKh3EOdx1AWgWrDGlm9ZLcLif4O2NZMBzO+8fKTMT:rAiCh1v1AdW/Gc9KmfN2PLRI

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
528ae998c9ee4a01354761090c857065c67b0250b35d07d523b7a6e155c8f86b

Files

528ae998c9ee4a01354761090c857065c67b0250b35d07d523b7a6e155c8f86b
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetProc

Sections

Size: 144KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 48KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ