PanoCommand[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

PanoCommand.dll
Size

3.4MB
MD5

6ad34fcad75074bbf0eb3ca654ff704b
SHA1

8abcfa51224ca6ed7e0a8c904ec9979bc19843d5
SHA256

dbf671c1520f919538b073708dd7ec84c7eeaeac0939441f986282aa1adff750
SHA512

9d699fb6ee0a8115dc698a53634e1eb8c751b6c703ab4a5a908e4c20fc6377dcf2c3d05c6661e7b5a923a9d5fdb8caf3ab3c779a6ab6ce899c043db688c3b974
SSDEEP

49152:hpbUKxJjUoJZdRjyxely+P9YFOdH4JoqE6Afujj9glJwE+ML4XnBCrOJOZLtjOgE:TUKpRfly+VY0dH4eFcjWJVKBCZOWXrU

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

PanoCommand.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

??0PanoCommand@@QEAA@AEBV0@@Z
??0PanoCommand@@QEAA@XZ
??1PanoCommand@@UEAA@XZ
??4PanoCommand@@QEAAAEAV0@AEBV0@@Z
??_7PanoCommand@@6B@
?A3DMoveFile@PanoCommand@@IEAAXXZ
?ActivateLumion@PanoCommand@@IEAAXXZ
?AddChild@PanoCommand@@IEAAXAEBU_GUID@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HV34@_N@Z
?AddChildren@PanoCommand@@IEAAXAEBV?$vector@U?$pair@U_GUID@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@std@@V?$allocator@U?$pair@U_GUID@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@std@@@2@@std@@@Z
?CallChannel@PanoCommand@@UEAAXXZ
?CheckYoutubeLogin@PanoCommand@@IEAAXXZ
?CheckYoutubeLoginStatus@PanoCommand@@IEAAXXZ
?CommandType@PanoCommand@@UEAA?AW40PanoCommandType@@XZ
?CommandType@PanoCommand@@UEAAXW40PanoCommandType@@@Z
?ConfirmYoutubeAuthorization@PanoCommand@@IEAAXXZ
?DoDependencyInit@PanoCommand@@UEAAXPEAVA3d_List@@@Z
?FloatFromChild@PanoCommand@@IEAAMH@Z
?FloatToChild@PanoCommand@@IEAAXHM@Z
?GetMapZenKey@PanoCommand@@IEAAXXZ
?GetOSInfo@PanoCommand@@IEAAXXZ
?GetSuccessCodeFromYoutubeLogin@PanoCommand@@IEAAXXZ
?GetUploadFileToYoutubeStatus@PanoCommand@@IEAAXXZ
?HttpGetNews@PanoCommand@@IEAAXXZ
?LoadChannel@PanoCommand@@UEAA_NAEAVA3dFileLoader@@PEAVA3d_ChannelGroup@@@Z
?LogError@PanoCommand@@IEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I0I@Z
?LogLumionOutput@PanoCommand@@IEAAXXZ
?ManagementPortalStatus@PanoCommand@@IEAAXXZ
?OpenAuthCodeRequest@PanoCommand@@IEAAXXZ
?OpenManagementPortal@PanoCommand@@IEAAXXZ
?OpenUrl@PanoCommand@@IEAAXXZ
?PostFileContent@PanoCommand@@IEAAXXZ
?ProcessHTTPHeaders@PanoCommand@@IEAAXAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV?$map@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@@std@@@2@@3@@Z
?RemoveSkyGlassDirectory@PanoCommand@@IEAAXXZ
?RequestUpload@PanoCommand@@IEAAXXZ
?SaveChannel@PanoCommand@@UEAA_NAEAVA3dFileSaver@@@Z
?SaveUnicodeTextFile@PanoCommand@@IEAAXXZ
?UploadFileToYoutube@PanoCommand@@IEAAXXZ
?UploadImageToMyLumion@PanoCommand@@IEAAXXZ
?UploadPanoramaToMyLumion@PanoCommand@@IEAAXXZ
?UrlDecodeString@PanoCommand@@IEAAXXZ
?UrlEncodeString@PanoCommand@@IEAAXXZ
?WStringFromChild@PanoCommand@@IEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@H@Z
?WStringToChild@PanoCommand@@IEAAXHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?WebServiceCommand@PanoCommand@@IEAAXXZ
?childMap_@PanoCommand@@1V?$map@U_GUID@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@UGUIDComparer@@V?$allocator@U?$pair@$$CBU_GUID@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@std@@@3@@std@@B
GetType
InitDLL

Sections

Size: 33KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 11KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 220B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 610B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 188B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 129B - Virtual size: 1000B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.exports
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 33KB - Virtual size: 88KB

Size: 11KB - Virtual size: 43KB

Size: 220B - Virtual size: 792B

Size: 1KB - Virtual size: 3KB

Size: 610B - Virtual size: 1KB

Size: 188B - Virtual size: 192B

Size: 129B - Virtual size: 1000B

.exports Size: 3KB - Virtual size: 4KB

.imports Size: 1024B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 5.7MB

.boot Size: 3.3MB - Virtual size: 3.3MB

.taggant Size: 8KB - Virtual size: 8KB

.exports
Size: 3KB - Virtual size: 4KB

.imports
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 5.7MB

.boot
Size: 3.3MB - Virtual size: 3.3MB

.taggant
Size: 8KB - Virtual size: 8KB