b7553171620cc3fa4c7c89e7c1ddc46b2c8d333c6a068e0e241373683ab92d60 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b7553171620cc3fa4c7c89e7c1ddc46b2c8d333c6a068e0e241373683ab92d60
Size

2.8MB
MD5

12be739ef20d9c2b63f40b10b0b9505d
SHA1

4d43c28e63461ed3a7f96c18b3e44566d7ee95d1
SHA256

b7553171620cc3fa4c7c89e7c1ddc46b2c8d333c6a068e0e241373683ab92d60
SHA512

e7e5e7ca3aa3b8e1c352524697557800d3cb38391f6fdb03f9733cc939d22f3dbbd75bbbfa173aac969aca09519ee3e05b62cd75cff25ab2f2a81c79f27ac062
SSDEEP

49152:asZwOA0Q92pSgj/w68Lj0x49weZO89ETjLhyMi33oin/tIe0ppYflqZtvM2G6:asrA0TBl8Z9JOY3omv0pWShMm

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7553171620cc3fa4c7c89e7c1ddc46b2c8d333c6a068e0e241373683ab92d60

Files

b7553171620cc3fa4c7c89e7c1ddc46b2c8d333c6a068e0e241373683ab92d60
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

FireTeam

Sections

Size: 126KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 41KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.exports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ