WlndowsDraiver-Ver2[.]6[.]8[.]0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

WlndowsDraiver-Ver2.6.8.0.exe
Size

599.6MB
MD5

3d87770b36e964578dc0b46358b09f6e
SHA1

fe11f5054cc1e7d5a1901ccbf2202c655ef5f248
SHA256

53d891dfa98c1273c562de3bb4212ac08dabb07a0d626db407bc6aca2421a112
SHA512

1507a76f79e43d7fc86965f23d947e92edd2ab8aa84eed92adda2d0e7ae90102a5322db62da6e68d8c5bd0e29741460b137529815ad62f01d6cfff0cefb24449
SSDEEP

196608:4DvrwxRhf2KD95foW8V0RpKtGCLawEWdD+eIAIG:eEI29KWYogHEWdDe0

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

WlndowsDraiver-Ver2.6.8.0.exe
.exe windows x64

d67688b0b39051c22f07167dfdd6ecad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetClipboardData

Sections

.text
Size: - Virtual size: 455KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0Dev
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

):L(O*IY
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

):L(O*IY
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

):L(O*IY
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d67688b0b39051c22f07167dfdd6ecad

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: - Virtual size: 455KB

.data Size: - Virtual size: 16KB

.idata Size: - Virtual size: 3KB

.reloc Size: - Virtual size: 2KB

.0Dev Size: - Virtual size: 1.7MB

.idata Size: - Virtual size: 4KB

.themida Size: - Virtual size: 3.1MB

):L(O*IY Size: - Virtual size: 2.7MB

):L(O*IY Size: 1024B - Virtual size: 944B

):L(O*IY Size: 8.4MB - Virtual size: 8.4MB

.text
Size: - Virtual size: 455KB

.data
Size: - Virtual size: 16KB

.idata
Size: - Virtual size: 3KB

.reloc
Size: - Virtual size: 2KB

.0Dev
Size: - Virtual size: 1.7MB

.idata
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 3.1MB

):L(O*IY
Size: - Virtual size: 2.7MB

):L(O*IY
Size: 1024B - Virtual size: 944B

):L(O*IY
Size: 8.4MB - Virtual size: 8.4MB