FExportView[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

FExportView.dll
Size

4.8MB
MD5

2eb7dbb680f542f2b2d0611e7f4b6bf2
SHA1

73d87ae21ce79fe5d3ad7a4f4ed6cfd7a588ec0b
SHA256

483b97613cc6f73b0250d54f42782828c53fe035351ca62f74e5cdec991c002e
SHA512

b0366bfe7513b51dcb648ed07ce1905e85cdf64ae6aafb04fe3fe6d864a355c3b3c23f0eb8fa189dfd0a2b1e96a4440d606a2496365be2cab5a55a31645db348
SSDEEP

98304:VPpTSPLLVyAEevJTqEngSwEVytBBAlWweabuKKis/tYKz:VPsP1yAEevJTqagSv6GWwewKiCYi

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

FExportView.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

??0?$FFLazySingleton@VFExportPresetManager@@@@IEAA@XZ
??0FExportPresetHelper@@QEAA@W4FormatType@@@Z
??0FExportPresetHelper@@QEAA@XZ
??0FExportPresetManager@@QEAA@XZ
??0IFSmartEditExport@@QEAA@PEAVQWidget@@@Z
??1?$FFLazySingleton@VFExportPresetManager@@@@MEAA@XZ
??1FExportPresetHelper@@UEAA@XZ
??1FExportPresetManager@@UEAA@XZ
??1IFSmartEditExport@@UEAA@XZ
??_7?$FFLazySingleton@VFExportPresetManager@@@@6B@
??_7FExportPresetHelper@@6BIFFAppSettingsSyncProvider@@@
??_7FExportPresetHelper@@6BQObject@@@
??_7FExportPresetManager@@6B?$FFLazySingleton@VFExportPresetManager@@@@@
??_7FExportPresetManager@@6BIFFProjectManagerEventObserver@@@
??_7IFSmartEditExport@@6BQObject@@@
??_7IFSmartEditExport@@6BQPaintDevice@@@
?ConnectSignals@IFSmartEditExport@@AEAAXXZ
?CreateUI@IFSmartEditExport@@AEAAXXZ
?ExportToLocal@IFSmartEditExport@@QEAA_NXZ
?GetFormatFileDirectory@FExportPresetHelper@@AEAA?AVQString@@XZ
?GetPresetJsonDirectory@FExportPresetHelper@@AEAA?AVQString@@XZ
?OpenXmlFile@FExportPresetHelper@@AEAA_NAEAVQDomDocument@@VQString@@@Z
?RetranslateUi@IFSmartEditExport@@MEAAXXZ
?SetExportConfig@IFSmartEditExport@@QEAAXAEBVQVariant@@@Z
?SetTimeline@IFSmartEditExport@@QEAAXPEBVIFFTimeline@@@Z
?StopExportToLocal@IFSmartEditExport@@QEAA_NXZ
?activeInstance@?$FFLazySingleton@VFExportPresetManager@@@@SAPEAVFExportPresetManager@@XZ
?addPresetInfoItem@FExportPresetHelper@@QEAAXVQString@@UPresetValue@@@Z
?attachManager@?$FFLazySingleton@VFExportPresetManager@@@@MEBA_NXZ
?closeEvent@IFSmartEditExport@@MEAAXPEAVQCloseEvent@@@Z
?deletePresetInfoItem@FExportPresetHelper@@QEAAXVQString@@0@Z
?destory@?$FFLazySingleton@VFExportPresetManager@@@@MEAAXXZ
?doTranslate@IFSmartEditExport@@AEAAXXZ
?getAllPresetInfos@FExportPresetHelper@@AEAAXXZ
?getAllPresetNames@FExportPresetHelper@@QEAAXAEBVQString@@AEAVQStringList@@@Z
?getCurrentDefaultIndex@FExportPresetHelper@@QEAAHVQString@@0@Z
?getEncodeParamPreset@FExportPresetHelper@@QEBAXAEAVQString@@@Z
?getFormatFileName@FExportPresetHelper@@AEAA?AVQString@@XZ
?getPresetHelper@FExportPresetManager@@QEAAPEAVFExportPresetHelper@@W4FormatType@@@Z
?getPresetInfoFromJson@FExportPresetHelper@@AEAAXAEAUPresetInfos@@@Z
?getPresetValue@FExportPresetHelper@@QEAA?AUPresetValue@@W4PresetType@@VQString@@1@Z
?getSyncAppSetting@FExportPresetHelper@@UEAAXW4AppSettingType@@AEAVQString@@@Z
?init@FExportPresetManager@@AEAAXXZ
?initPresetInfos@FExportPresetHelper@@AEAAXAEAUPresetInfos@@@Z
?instance@?$FFLazySingleton@VFExportPresetManager@@@@SAPEAVFExportPresetManager@@XZ
?isActive@?$FFLazySingleton@VFExportPresetManager@@@@SA_NXZ
?isPresetNameRepeat@FExportPresetHelper@@QEAA_NVQString@@0@Z
?m_oMutex@?$FFLazySingleton@VFExportPresetManager@@@@0VQMutex@@A
?m_pInstance@?$FFLazySingleton@VFExportPresetManager@@@@0PEAVFExportPresetManager@@EA
?metaObject@FExportPresetHelper@@UEBAPEBUQMetaObject@@XZ
?metaObject@IFSmartEditExport@@UEBAPEBUQMetaObject@@XZ
?onBeforeActiveProjectChangeEvent@FExportPresetManager@@UEAAXXZ
?overWritePresetInfoItem@FExportPresetHelper@@QEAAXVQString@@UPresetValue@@@Z
?presetIsModify@FExportPresetHelper@@AEAAXXZ
?projectParamModified@FExportPresetManager@@QEAAXXZ
?qt_metacall@FExportPresetHelper@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacall@IFSmartEditExport@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@FExportPresetHelper@@UEAAPEAXPEBD@Z
?qt_metacast@IFSmartEditExport@@UEAAPEAXPEBD@Z
?qt_static_metacall@FExportPresetHelper@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z
?qt_static_metacall@IFSmartEditExport@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z
?reject@IFSmartEditExport@@MEAAXXZ
?release@?$FFLazySingleton@VFExportPresetManager@@@@SAXXZ
?resetFirstOpenDefault@FExportPresetHelper@@QEAAXXZ
?resetFirstOpenPresetNameToDefault@FExportPresetHelper@@QEAAXXZ
?saveAllPresetInfos@FExportPresetHelper@@AEAAX_N@Z
?setEncodeParamPreset@FExportPresetHelper@@QEAAXAEBVQString@@@Z
?setPresetValue@FExportPresetHelper@@QEAAXW4PresetType@@VQString@@UPresetValue@@@Z
?setSyncAppSetting@FExportPresetHelper@@UEAAXW4AppSettingType@@AEBVQString@@@Z
?staticMetaObject@FExportPresetHelper@@2UQMetaObject@@B
?staticMetaObject@IFSmartEditExport@@2UQMetaObject@@B
?toPresetObject@FExportPresetHelper@@AEBA?AVQJsonObject@@AEBUPresetValue@@@Z
?toPresetValue@FExportPresetHelper@@AEBA?AUPresetValue@@AEBVQJsonObject@@@Z
?tr@FExportPresetHelper@@SA?AVQString@@PEBD0H@Z
?tr@IFSmartEditExport@@SA?AVQString@@PEBD0H@Z
?trUtf8@FExportPresetHelper@@SA?AVQString@@PEBD0H@Z
?trUtf8@IFSmartEditExport@@SA?AVQString@@PEBD0H@Z
?updateFormatData@FExportPresetHelper@@AEAAXAEAUPresetInfos@@@Z
exportShowGuideTimeline
exportTemplateTimeline
exportTimeline
limitExportType

Sections

Size: 342KB - Virtual size: 1009KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 482KB - Virtual size: 841KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 33KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 29KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.exports
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 342KB - Virtual size: 1009KB

Size: 482KB - Virtual size: 841KB

Size: 3KB - Virtual size: 16KB

Size: 33KB - Virtual size: 53KB

Size: 29KB - Virtual size: 173KB

Size: 2KB - Virtual size: 12KB

.exports Size: 5KB - Virtual size: 5KB

.imports Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 174KB - Virtual size: 174KB

.themida Size: - Virtual size: 5.3MB

.boot Size: 3.7MB - Virtual size: 3.7MB

.reloc Size: 512B - Virtual size: 4KB

.taggant Size: 8KB - Virtual size: 8KB

.exports
Size: 5KB - Virtual size: 5KB

.imports
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 174KB - Virtual size: 174KB

.themida
Size: - Virtual size: 5.3MB

.boot
Size: 3.7MB - Virtual size: 3.7MB

.reloc
Size: 512B - Virtual size: 4KB

.taggant
Size: 8KB - Virtual size: 8KB