d09ae8560e353a8169989ec99c5ebd49a4467c2ca7548c43b06d67db23a4d7e8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d09ae8560e353a8169989ec99c5ebd49a4467c2ca7548c43b06d67db23a4d7e8
Size

4.4MB
MD5

9a657e0702fcc1752661da9092f5e778
SHA1

f166d259fb16820c8cf3654354418785719869f4
SHA256

d09ae8560e353a8169989ec99c5ebd49a4467c2ca7548c43b06d67db23a4d7e8
SHA512

8425d95abc0b69fc09e57da01e4a80a5e2bd62476c4e00f4b97236e4eb823a8b25b3d5a6f8add25a8ccd0eb9fb5a48dc73d146e3a2e96343eb548bd123edcce2
SSDEEP

98304:TIwyfmIiiaij47/rzcRh+dUf3JoXKb09MWlxPeR171h6FnHqx8:TIwyeIiiFj4scdT6b091xGBh6FP

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d09ae8560e353a8169989ec99c5ebd49a4467c2ca7548c43b06d67db23a4d7e8

Files

d09ae8560e353a8169989ec99c5ebd49a4467c2ca7548c43b06d67db23a4d7e8
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ReadScriptPVF
ijlErrorStr
ijlFree
ijlGetLibVersion
ijlInit
ijlRead
ijlWrite

Sections

Size: 377KB - Virtual size: 763KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 160KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 30KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.exports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ