ckpamhwutf[.]mom

Sharing

Copy URL Twitter E-mail

General

Target

ckpamhwutf.mom
Size

16.5MB
MD5

3018ac1eddf4048d2a94efb466ac0e13
SHA1

a05488e786221a49c85b9e5c0e2634a498472609
SHA256

bc22ca6f803eb07002c560b2451d42a9218b2ec0695b803d4a6748946eca5750
SHA512

9b56a6db954c19f6c98f64ee22f309dd5f5d7c1c2a63ecf934e884f9a83aedbdc1ff7073d2dee8214afeefe4514fbbe1e3d53ebb8461294be0b0ff8990034c5f
SSDEEP

393216:YlHG8WCTBtPI2lfQonT7Xy6qOSMZlf4bYrOv0DofBnw:mGkdtjfQonT7XyofTrvDop

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

ckpamhwutf.mom
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
cq2ki95s71r0tx11
dbkFCallWrapperAddr

Sections

.text
Size: 9.9MB - Virtual size: 9.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 47KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 186B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 822KB - Virtual size: 822KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 594KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 9.9MB - Virtual size: 9.9MB

.itext Size: 24KB - Virtual size: 24KB

.data Size: 229KB - Virtual size: 229KB

.bss Size: - Virtual size: 47KB

.idata Size: 18KB - Virtual size: 17KB

.didata Size: 26KB - Virtual size: 25KB

.edata Size: 512B - Virtual size: 186B

.rdata Size: 512B - Virtual size: 69B

.reloc Size: 822KB - Virtual size: 822KB

.rsrc Size: 594KB - Virtual size: 594KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 7.2MB

.boot Size: 5.0MB - Virtual size: 5.0MB

.text
Size: 9.9MB - Virtual size: 9.9MB

.itext
Size: 24KB - Virtual size: 24KB

.data
Size: 229KB - Virtual size: 229KB

.bss
Size: - Virtual size: 47KB

.idata
Size: 18KB - Virtual size: 17KB

.didata
Size: 26KB - Virtual size: 25KB

.edata
Size: 512B - Virtual size: 186B

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 822KB - Virtual size: 822KB

.rsrc
Size: 594KB - Virtual size: 594KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 7.2MB

.boot
Size: 5.0MB - Virtual size: 5.0MB