ab3d8c58a33fd90eca17dc079eb05469bbe535b16eb653810f134df888e230ce

Sharing

Copy URL

Twitter E-mail

General

Target

ab3d8c58a33fd90eca17dc079eb05469bbe535b16eb653810f134df888e230ce
Size

5.4MB
MD5

298a8a69908571fb0aa37db11f042180
SHA1

e127b71a42428afccb723ef357492df9b20dfe28
SHA256

ab3d8c58a33fd90eca17dc079eb05469bbe535b16eb653810f134df888e230ce
SHA512

1188c79240ddb3720fa3db360f4425fb351d7caa2e721c3e3e5dfc18bad75f8c1f47c94a87eada54f95217729829a18f320e41bd700ea84b19d7a29f013b67b2
SSDEEP

98304:ML3QMlZlfuxCGkpLOj2UsnTYJCIWT0iqaPxOn41izxz3VcUoSvNY0:MjQMlZlfvS2hTYAIWZqEd1SxpW0

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
sample	themida

Files

ab3d8c58a33fd90eca17dc079eb05469bbe535b16eb653810f134df888e230ce
.exe windows x86

389f0462c1e85b652078236809a76242

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

GetUserNameW

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ƒ†ƒ�
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ƒ†ƒ�
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ƒ†ƒ�
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

389f0462c1e85b652078236809a76242

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

wtsapi32

user32

Sections

.text Size: - Virtual size: 41KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 5KB

.reloc Size: - Virtual size: 5KB

Size: - Virtual size: 545KB

.idata Size: - Virtual size: 4KB

ƒ†ƒ� Size: - Virtual size: 25KB

.themida Size: - Virtual size: 2.9MB

ƒ†ƒ� Size: - Virtual size: 2.3MB

ƒ†ƒ� Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 25KB - Virtual size: 25KB

.text
Size: - Virtual size: 41KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 5KB

.reloc
Size: - Virtual size: 5KB

.idata
Size: - Virtual size: 4KB

ƒ†ƒ�
Size: - Virtual size: 25KB

.themida
Size: - Virtual size: 2.9MB

ƒ†ƒ�
Size: - Virtual size: 2.3MB

ƒ†ƒ�
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 25KB - Virtual size: 25KB