EMP-2[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

EMP-2.dll
Size

14.2MB
MD5

87329f335e8061d7a7d31cd1121381a2
SHA1

4c81d34ec016b1fde8f1edf3ee391ebeea9481ae
SHA256

27d884d412b56bc49d3fcd6759c6a5b1884cea402bd2eee730da1e82ed83e23b
SHA512

cef447675758efb04e007a3b4a929dc562b71bf8184ac00c5e5176a4d8dbdcd807b0f0dc4c766bb1900902ce59ef2d56b7ef814412d0718673613deabab2cc98
SSDEEP

196608:fG01fTjxw6Yglx7uUqRc4z9xAtQCVdTsfT:f1fTjxZAUqa4z9xAmAd4L

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

EMP-2.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

EMP

Sections

.text
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.EMP0
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data2
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.EMP
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data3
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data4
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.EMP1
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.exports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 4KB

.pdata Size: 512B - Virtual size: 4KB

.EMP0 Size: 512B - Virtual size: 4KB

.data2 Size: 92KB - Virtual size: 92KB

.EMP Size: 204KB - Virtual size: 204KB

.data3 Size: 612KB - Virtual size: 612KB

.data4 Size: 3.2MB - Virtual size: 3.2MB

.EMP1 Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 512B - Virtual size: 144B

.rsrc Size: 512B - Virtual size: 233B

.exports Size: 512B - Virtual size: 4KB

.imports Size: 512B - Virtual size: 4KB

.themida Size: 6.8MB - Virtual size: 6.8MB

.text
Size: 3KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 4KB

.pdata
Size: 512B - Virtual size: 4KB

.EMP0
Size: 512B - Virtual size: 4KB

.data2
Size: 92KB - Virtual size: 92KB

.EMP
Size: 204KB - Virtual size: 204KB

.data3
Size: 612KB - Virtual size: 612KB

.data4
Size: 3.2MB - Virtual size: 3.2MB

.EMP1
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 512B - Virtual size: 144B

.rsrc
Size: 512B - Virtual size: 233B

.exports
Size: 512B - Virtual size: 4KB

.imports
Size: 512B - Virtual size: 4KB

.themida
Size: 6.8MB - Virtual size: 6.8MB