d656a62f08dde52be26c66982ce2c2bb0ba89770ecf2b7ba7192d7dbb4231a71N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d656a62f08dde52be26c66982ce2c2bb0ba89770ecf2b7ba7192d7dbb4231a71N
Size

2.6MB
MD5

c9c16aaea767e39d89ed37f5b0df7570
SHA1

ac552b96d875b3f26b4e5f92f8b878ba6a2f8026
SHA256

d656a62f08dde52be26c66982ce2c2bb0ba89770ecf2b7ba7192d7dbb4231a71
SHA512

ff4ff8e580b2d2bcac383aa97d9c6674e042c2b97d5fa9c5afffcc9a67501dd57d98b3e1b5ea214a0d2870903767979cdff1aa84230cf1c84d9ee416a10d440a
SSDEEP

49152:K957Gpz7BO9fJ0+ok7j4qqOvvSMjuoQgoXPcBJcBx3s/wWdcSOWyoAKuqt9CkqA0:G1Gl7BO9xmk7j4yvjuR/cJsVs/3crfQs

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d656a62f08dde52be26c66982ce2c2bb0ba89770ecf2b7ba7192d7dbb4231a71N

Files

d656a62f08dde52be26c66982ce2c2bb0ba89770ecf2b7ba7192d7dbb4231a71N
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: 558KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 337KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 117KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 42KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ