dd6ab934b4c23d80a7a699d9ef55498d56115c86df0fa9ff73cfc1651c1b07c0

Sharing

Copy URL Twitter E-mail

General

Target

dd6ab934b4c23d80a7a699d9ef55498d56115c86df0fa9ff73cfc1651c1b07c0
Size

5.7MB
MD5

104dd8e3bf957c6cf7da52c546405ab7
SHA1

2623754939b50204e06d94ae62eb6afc6587f69a
SHA256

dd6ab934b4c23d80a7a699d9ef55498d56115c86df0fa9ff73cfc1651c1b07c0
SHA512

435f7b869769d3a1642c84f3b081c5e93e22c4fd96f7aa82c9d8201b539106bddc0b047348d92bc752a6d9afcd97bfe1e84eaa20a036d92593806de7adc99628
SSDEEP

98304:NEp+KwDQdGp//3wHhGizimMxJlqyIZybWHOpjecBF7yx2h5UO1VQxznJZ531:NEp+fDQdGp3wBGgovqZfHOxtBB62DI

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

dd6ab934b4c23d80a7a699d9ef55498d56115c86df0fa9ff73cfc1651c1b07c0
.exe windows x86

b09ccc7a04dbc8e57e57438561e8c3b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

shell32

SHGetFolderPathW

Sections

Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp 0
Size: - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp 1
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp 2
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp 3
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b09ccc7a04dbc8e57e57438561e8c3b4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

Sections

Size: - Virtual size: 5KB

Size: - Virtual size: 3KB

.data Size: - Virtual size: 96B

Size: - Virtual size: 696B

.vmp 0 Size: - Virtual size: 265KB

.idata Size: - Virtual size: 4KB

.themida Size: - Virtual size: 3.7MB

.boot Size: - Virtual size: 1.9MB

.vmp 1 Size: - Virtual size: 1.4MB

.vmp 2 Size: 512B - Virtual size: 436B

.vmp 3 Size: 5.7MB - Virtual size: 5.7MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 48KB - Virtual size: 265KB

.data
Size: - Virtual size: 96B

.vmp 0
Size: - Virtual size: 265KB

.idata
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 3.7MB

.boot
Size: - Virtual size: 1.9MB

.vmp 1
Size: - Virtual size: 1.4MB

.vmp 2
Size: 512B - Virtual size: 436B

.vmp 3
Size: 5.7MB - Virtual size: 5.7MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 48KB - Virtual size: 265KB