jKPeSMhaBb[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

jKPeSMhaBb.dll
Size

9.0MB
MD5

71de56304b7c5bf604a2c63c27fee89b
SHA1

84b63bc607afa5ed4401a618e896f5a511dbeb20
SHA256

7941b73b753797e4926d9df968f5e6b101dc23d7312569ae2af784262f532353
SHA512

ee7f465a235ec63163a4ac93e0b120daf7b1e66a11ef0046a87f9d90923760ea47882fc5eda5a1caf8814fc2e0e74cd769c9b88e0de7488701c9b9556edbf406
SSDEEP

98304:EuPf0dAbnb6KRo01Xc8WGXEzuntZR+SmSJWrEV7xFKXkHAO+D1W0r0jLQ/2WxIil:EQb6T0R0rOKI+5W0Ag/2FpgSm

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

jKPeSMhaBb.dll
.dll windows x86

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
iT139Ryxx4jfxek4N0wk

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 38KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 52KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 4.7MB - Virtual size: 4.7MB

.itext Size: 15KB - Virtual size: 14KB

.data Size: 184KB - Virtual size: 183KB

.bss Size: - Virtual size: 38KB

.idata Size: 16KB - Virtual size: 15KB

.didata Size: 3KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 190B

.rdata Size: 512B - Virtual size: 69B

.reloc Size: 388KB - Virtual size: 388KB

Size: 52KB - Virtual size: 244KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.themida Size: - Virtual size: 6.4MB

.boot Size: 3.7MB - Virtual size: 3.7MB

.text
Size: 4.7MB - Virtual size: 4.7MB

.itext
Size: 15KB - Virtual size: 14KB

.data
Size: 184KB - Virtual size: 183KB

.bss
Size: - Virtual size: 38KB

.idata
Size: 16KB - Virtual size: 15KB

.didata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 190B

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 388KB - Virtual size: 388KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.themida
Size: - Virtual size: 6.4MB

.boot
Size: 3.7MB - Virtual size: 3.7MB