a988a4f3652eaa34b874080da1cbb70223bac6760e318064f4f23b69bf823330

Sharing

Copy URL

Twitter E-mail

General

Target

a988a4f3652eaa34b874080da1cbb70223bac6760e318064f4f23b69bf823330
Size

4.1MB
MD5

2ae15c4884a84f7b4f9fb4f461d6936c
SHA1

d4a55f83d824ae541212c714b842487f21270435
SHA256

a988a4f3652eaa34b874080da1cbb70223bac6760e318064f4f23b69bf823330
SHA512

ac54be94cb04914f6cbb4cba1c832b5a243cfc97cfa21334a3041b21b5ebbe3c4b1cbe7ca124eb85ccc2a6729db6a0b0942d955ed26c8e154e91815e40502c84
SSDEEP

98304:Bq8xA4MWyDfELFxDikiFF8zbqJVF3EPoouzoXreyzzU:Bqj4MERBKFF8XqvF3EVuzoz

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

a988a4f3652eaa34b874080da1cbb70223bac6760e318064f4f23b69bf823330
.exe windows x86

e40757489f9bf9a0a0c1e0329f45b1df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

GetUserNameW

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 526KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

µµµµ
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

µµµµ
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

µµµµ
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e40757489f9bf9a0a0c1e0329f45b1df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

Sections

.text Size: - Virtual size: 41KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 5KB

.reloc Size: - Virtual size: 5KB

Size: - Virtual size: 526KB

.idata Size: - Virtual size: 4KB

µµµµ Size: - Virtual size: 27KB

.themida Size: - Virtual size: 2.1MB

µµµµ Size: - Virtual size: 1.5MB

µµµµ Size: 4.1MB - Virtual size: 4.1MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 27KB - Virtual size: 26KB

.text
Size: - Virtual size: 41KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 5KB

.reloc
Size: - Virtual size: 5KB

.idata
Size: - Virtual size: 4KB

µµµµ
Size: - Virtual size: 27KB

.themida
Size: - Virtual size: 2.1MB

µµµµ
Size: - Virtual size: 1.5MB

µµµµ
Size: 4.1MB - Virtual size: 4.1MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 27KB - Virtual size: 26KB