8CE0B787ADB620218110DC79B3043045[.]fil

Sharing

Copy URL

Twitter E-mail

General

Target

8CE0B787ADB620218110DC79B3043045.fil
Size

7.8MB
MD5

8ce0b787adb620218110dc79b3043045
SHA1

e79787710f4661eb02f6f408d0e2d7707e8f4395
SHA256

9d83407d96e73e7fa042dc1c0d80c9de04ef22621c14a712b552ebc34e119919
SHA512

c6924db3a4f92e75ff8a7d5bc032447164491fac9714ad45dd0ecd9f6c7372e4804dff9a6851d8810b91675fdeac3760dc1a1cbd3031a21a9d3b152f13e728fd
SSDEEP

196608:6QI1BrvUPjv1Sz35rrCYbCKESgKdnGdi7cMfU4Ch:jYrvWNurrChKEqQ21fU4Ch

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

8CE0B787ADB620218110DC79B3043045.fil
.dll windows x86

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

SHGetFolderPathA
SHGetFolderPathW
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

Size: 1.6MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 49KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 32KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 869B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 152B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 72B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 188KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 2.8MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.exports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

Headers

File Characteristics

Exports

Exports

Sections

Size: 1.6MB - Virtual size: 4.2MB

Size: 8KB - Virtual size: 17KB

Size: 49KB - Virtual size: 111KB

Size: - Virtual size: 32KB

Size: 1KB - Virtual size: 16KB

Size: 869B - Virtual size: 2KB

Size: 152B - Virtual size: 208B

Size: 72B - Virtual size: 68B

Size: 188KB - Virtual size: 355KB

Size: 2.8MB - Virtual size: 7.7MB

.exports Size: 512B - Virtual size: 4KB

.imports Size: 1024B - Virtual size: 4KB

.rsrc Size: 58KB - Virtual size: 58KB

.themida Size: - Virtual size: 5.1MB

.boot Size: 3.1MB - Virtual size: 3.1MB

.exports
Size: 512B - Virtual size: 4KB

.imports
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 58KB - Virtual size: 58KB

.themida
Size: - Virtual size: 5.1MB

.boot
Size: 3.1MB - Virtual size: 3.1MB