684D8C185B9FAC8AE1A20FBC2C4B00E4[.]fil

Sharing

Copy URL

Twitter E-mail

General

Target

684D8C185B9FAC8AE1A20FBC2C4B00E4.fil
Size

3.0MB
MD5

684d8c185b9fac8ae1a20fbc2c4b00e4
SHA1

279f61223a012567e4c0a393addb3addc5846f7e
SHA256

e3c985912ca3cc422627ede17b1ec61abf4b163bf53d87ed2df904abe36df51d
SHA512

ba2cd353ef8a6ddee242a7016f482e51b5a044f33ca7ddd386094335aa294650e8cb85bcab9d15b0f5283701db03c87892aea800f4b4477bda447c032f27c4a5
SSDEEP

49152:LuB3wck4vay8GMwS+Dw+o2IljRfQq1PQtrjYoDb7njjf2LYKfh7UnFp61y:LuB1k4aGw+DItzItrb6YKW61y

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

684D8C185B9FAC8AE1A20FBC2C4B00E4.fil
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

??0RegisterHelper@@QEAA@AEBVQString@@000@Z
??1RegisterHelper@@QEAA@XZ
??4RegisterHelper@@QEAAAEAV0@AEBV0@@Z
?DoRegistration@RegisterHelper@@QEAA_NAEBVQString@@00@Z
?DoUnregistered@RegisterHelper@@QEAAXXZ
?GetEmail@RegisterHelper@@QEAA?AVQString@@XZ
?GetRegCode@RegisterHelper@@QEAA?AVQString@@XZ
?GetRegistered@RegisterHelper@@QEAA_NXZ
?UpdateInfo@RegisterHelper@@QEAAXXZ

Sections

Size: 13KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 113B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 242B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 64B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.exports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 13KB - Virtual size: 29KB

Size: 3KB - Virtual size: 11KB

Size: 113B - Virtual size: 1KB

Size: 1KB - Virtual size: 2KB

Size: 242B - Virtual size: 436B

Size: 64B - Virtual size: 60B

.exports Size: 1024B - Virtual size: 4KB

.imports Size: 1024B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 5.3MB

.boot Size: 3.0MB - Virtual size: 3.0MB

.exports
Size: 1024B - Virtual size: 4KB

.imports
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 5.3MB

.boot
Size: 3.0MB - Virtual size: 3.0MB