FFWsUpgrade[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

FFWsUpgrade.dll
Size

3.5MB
MD5

4be5aefea4684e2a2403a03d3c7503bb
SHA1

b3164f6aefe0ec1673472adbcf99ad91e9014956
SHA256

bbdfbd50ec24f1088ea339ad5350211f34ecd6cfb59bedcfeed47f5a783694c6
SHA512

fd731428de6836c5b55dad5022fe023204448892e687024fbc6f2967617da1487709369522dd1e30b2351d17916c123ad510e081ce9114559fe6f73a70bc3448
SSDEEP

98304:0OtMx20B7fnBNtpUohxclNBvHDnTAxMzEkBFkjDe6:0txDfBNtphhulNB/DKMzrB8e6

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

FFWsUpgrade.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

??0IFFUpgradeEventObserver@@QEAA@$$QEAV0@@Z
??0IFFUpgradeEventObserver@@QEAA@AEBV0@@Z
??0IFFUpgradeEventObserver@@QEAA@XZ
??0IFFUpgradeService@@QEAA@$$QEAV0@@Z
??0IFFUpgradeService@@QEAA@AEBV0@@Z
??0IFFUpgradeService@@QEAA@XZ
??4IFFUpgradeEventObserver@@QEAAAEAV0@$$QEAV0@@Z
??4IFFUpgradeEventObserver@@QEAAAEAV0@AEBV0@@Z
??4IFFUpgradeService@@QEAAAEAV0@$$QEAV0@@Z
??4IFFUpgradeService@@QEAAAEAV0@AEBV0@@Z
??_7IFFUpgradeEventObserver@@6B@
??_7IFFUpgradeService@@6B@
createUpgradeService
releaseUpgradeService

Sections

Size: 16KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 206B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 29KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 265B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.exports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 16KB - Virtual size: 41KB

Size: 6KB - Virtual size: 24KB

Size: 206B - Virtual size: 2KB

Size: 1KB - Virtual size: 2KB

Size: 29KB - Virtual size: 173KB

Size: 265B - Virtual size: 268B

.exports Size: 1024B - Virtual size: 4KB

.imports Size: 1024B - Virtual size: 4KB

.rsrc Size: 174KB - Virtual size: 174KB

.themida Size: - Virtual size: 4.5MB

.boot Size: 3.2MB - Virtual size: 3.2MB

.taggant Size: 8KB - Virtual size: 8KB

.exports
Size: 1024B - Virtual size: 4KB

.imports
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 174KB - Virtual size: 174KB

.themida
Size: - Virtual size: 4.5MB

.boot
Size: 3.2MB - Virtual size: 3.2MB

.taggant
Size: 8KB - Virtual size: 8KB