6917d22fab671b177511f64cdcc913b91a4b6c19d5c91750c7e57632d748e505 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6917d22fab671b177511f64cdcc913b91a4b6c19d5c91750c7e57632d748e505
Size

6.4MB
MD5

76e8cdb8120939d9f9a73ad0f8d6cb53
SHA1

aa20ed975fec8b0ece4624f9cb0df79a7485ed04
SHA256

6917d22fab671b177511f64cdcc913b91a4b6c19d5c91750c7e57632d748e505
SHA512

7bed091179646953bbd548d4fe07bb5c09185572d3b5e08b165005d6290f2a0ba75dc6abba9b30559097f81f42174a567f220100b070bea9b2bdcc509bc084d3
SSDEEP

98304:6tNSuXAqe3cLKWCgnWUp/6+hnwTUEHS1XFVihpvgzTrq+sxpUzGcqPgl16+V+t4k:6t9cs/6+hnwJHUifE/YUJeWvV+Xnn9h

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6917d22fab671b177511f64cdcc913b91a4b6c19d5c91750c7e57632d748e505

Files

6917d22fab671b177511f64cdcc913b91a4b6c19d5c91750c7e57632d748e505
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

e2ee_CacheClear
e2ee_CacheDecr
e2ee_CacheDelete
e2ee_CacheExists
e2ee_CacheGet
e2ee_CacheGetMulti
e2ee_CacheGetMultiText
e2ee_CacheGetText
e2ee_CacheIncr
e2ee_CacheSet
e2ee_CacheSetExpire
e2ee_CacheSetText

Sections

Size: 454KB - Virtual size: 925KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 181KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 134KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.exports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ