81ff4cdf176564689293e7ac919f5319bc86919f7ac4ba9fecbe3d0db354395e | Triage

Sharing

General

Target

81ff4cdf176564689293e7ac919f5319bc86919f7ac4ba9fecbe3d0db354395e
Size

3.9MB
MD5

70c812511a38e36a8ebf7020a719c90b
SHA1

d43602cae630b11667f25afc01dba76da6bce4df
SHA256

81ff4cdf176564689293e7ac919f5319bc86919f7ac4ba9fecbe3d0db354395e
SHA512

9c43de1530088957ae4f0b5eb95c2a68738844b54e24b6af4485874f72f569f500b37d3be783de171c028d4c68fa7288d492a0ba95594b5ced63354a7a296e7b
SSDEEP

98304:RB6s3sojxvXvMLeYhm0gdoD8OScRCYsgJ:Oij0gdoAOFTJ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81ff4cdf176564689293e7ac919f5319bc86919f7ac4ba9fecbe3d0db354395e

Files

81ff4cdf176564689293e7ac919f5319bc86919f7ac4ba9fecbe3d0db354395e
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.MPRESS1
Size: 196KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ