56b08de9c234c02c3d05dd315771e91cc09e9e6c8228201d28800f66dacbf3ce

General

Target

56b08de9c234c02c3d05dd315771e91cc09e9e6c8228201d28800f66dacbf3ce
Size

1.2MB
MD5

49d9f539b1622803e50fcb37d683e61f
SHA1

0046756a219a3cae6c915d85104cb4409d3dd6b9
SHA256

56b08de9c234c02c3d05dd315771e91cc09e9e6c8228201d28800f66dacbf3ce
SHA512

9ecb108d0f4029b13cb80d5fc93222dc39000c966e17ad0dc0787e94f56eb685ae123160a4ee342ed94aacfc8b2eb24b72986634b5aad76bd8b588d0729ba481
SSDEEP

24576:XW3+yC4O9BHDlH15FUdp0PseuVV5nVGfYB:m3+v4WDj5ApCsJV7VxB

Score

8^/10

aspackv2 themida

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/HolicGame.dll	aspack_v212_v242

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/光明戰神.exe	themida

Files

56b08de9c234c02c3d05dd315771e91cc09e9e6c8228201d28800f66dacbf3ce
.rar
HolicGame.dll
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

StartHook

Sections

Size: 80KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 21KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 10KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 335KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
光明戰神.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 136KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 648KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 80KB - Virtual size: 188KB

Size: 21KB - Virtual size: 40KB

Size: 5KB - Virtual size: 52KB

.rsrc Size: 12KB - Virtual size: 12KB

Size: 10KB - Virtual size: 24KB

Size: 4KB - Virtual size: 4KB

.data Size: 335KB - Virtual size: 336KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

Size: 136KB - Virtual size: 332KB

.rsrc Size: 8KB - Virtual size: 10KB

.idata Size: 4KB - Virtual size: 4KB

Themida Size: 648KB - Virtual size: 1.4MB

.rsrc
Size: 12KB - Virtual size: 12KB

.data
Size: 335KB - Virtual size: 336KB

.adata
Size: - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 10KB

.idata
Size: 4KB - Virtual size: 4KB

Themida
Size: 648KB - Virtual size: 1.4MB