iwcfbelmib[.]glf

Sharing

Copy URL

Twitter E-mail

General

Target

iwcfbelmib.glf
Size

8.9MB
MD5

64407b3d50b351fb556850b5004ab591
SHA1

7ea3ed01bb26aaa7a90edd1c4fceea2de7ecebe1
SHA256

204f4aed39fc7625256f5f48812d8881c7f79b692bac0b0a484aba93205e061a
SHA512

25c0343283bb2097d135918c2eb61c8828575b4bef97a831577a321364ded073808c8588e391d681566974ef5ac192dd36ecaa4e05befddeb0b0e11833ef9e96
SSDEEP

196608:L/iXL4w4ygSB4O8wKy46/mL3HrszAzT5Ettp+MekmbRQQ5rJ7onpU:LQdfBV8wKK/uHYzAzdEl+MeLVQQ5rJcp

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

iwcfbelmib.glf
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
a3cb8bek0gx2yq34508xulv
dbkFCallWrapperAddr

Sections

Size: 3.5MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 136KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 45KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 193B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 441KB - Virtual size: 809KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 72KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 3.5MB - Virtual size: 10.0MB

Size: 11KB - Virtual size: 24KB

Size: 136KB - Virtual size: 230KB

.bss Size: - Virtual size: 45KB

Size: 1KB - Virtual size: 17KB

Size: 1KB - Virtual size: 3KB

Size: 512B - Virtual size: 193B

Size: 512B - Virtual size: 69B

Size: 441KB - Virtual size: 809KB

Size: 72KB - Virtual size: 339KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 4KB

.themida Size: - Virtual size: 7.0MB

.boot Size: 4.8MB - Virtual size: 4.8MB

.bss
Size: - Virtual size: 45KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 4KB

.themida
Size: - Virtual size: 7.0MB

.boot
Size: 4.8MB - Virtual size: 4.8MB