55b1f90e6dd87f7914f37a468abb7430b0d53b85754dc12d9fe4d1e020c7d79e

General

Target

55b1f90e6dd87f7914f37a468abb7430b0d53b85754dc12d9fe4d1e020c7d79e
Size

1.5MB
MD5

5ea312d986a7d8c15b7169ef1754f80c
SHA1

4d7d97c2d0b2bc4831aa882b47be967e52eb8e6a
SHA256

55b1f90e6dd87f7914f37a468abb7430b0d53b85754dc12d9fe4d1e020c7d79e
SHA512

69119b9b663920b3bda075215033493bd595839c6753d98d698bd3f57f9edfdec2e34451368f536a2e6e680f54f1073af70c84c4ed9cc8e1027dccdecb37ad0f
SSDEEP

24576:jYY2S15PJc+EeHn4PZO5jkS8XDRL55hRNtMtBoe5jH4ITKpOixair2gKy1Il4M6:MI15PSJeIc5jkS8X1F/RNtMtcITKpJx9

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/CHEATI~1.EXE	themida

Files

55b1f90e6dd87f7914f37a468abb7430b0d53b85754dc12d9fe4d1e020c7d79e
.cab
CHEATI~1.EXE
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 15KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PROMED~1.EXE
.exe windows x86

e2777a8ec6ab285d3c780a89d081f3bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
ord593
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarOr
__vbaStrR4
_adj_fpatan
__vbaR4Var
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarCmpEq
__vbaVarAdd
__vbaVarDup
__vbaFpI2
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Size: 15KB - Virtual size: 56KB

.rsrc Size: 4KB - Virtual size: 8KB

.idata Size: 512B - Virtual size: 4KB

Themida Size: 1.2MB - Virtual size: 2.5MB

e2777a8ec6ab285d3c780a89d081f3bf

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 32KB - Virtual size: 30KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 8KB

.idata
Size: 512B - Virtual size: 4KB

Themida
Size: 1.2MB - Virtual size: 2.5MB

.text
Size: 32KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB