d326199298f62f3747bed6b735046a20N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d326199298f62f3747bed6b735046a20N
Size

645KB
MD5

d326199298f62f3747bed6b735046a20
SHA1

824bb42cef789f923d17b99b54fad3b7f543ec07
SHA256

641478a558e62cde65b6117fa8f5fe4ad165d411ac5bf7574f1304d9d8816320
SHA512

4af3b82740d0e09f343f77813a728ef9d82cb6e0ccd11bbecef1f4e9be5994847629c301220ab82a4f9675aa3e923e6f3120333425b368c21a94f6bc12386f5b
SSDEEP

12288:HmqBIXza25CVonKkrMdW04oXGaRGbbcP+ZePdqaO8r+WVd8j4CcjKMhK:GQIXzT5GSgdWBaRc++ZePdqaLMj4tKW

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d326199298f62f3747bed6b735046a20N

Files

d326199298f62f3747bed6b735046a20N
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 631KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE