64dlldlldlldll[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

64dlldlldlldll.dll
Size

3.5MB
MD5

f40e1a15f93696510e5faef3a216f18f
SHA1

6d353491cc7f32bcf9211c7dc1a5b7149e4ebf9a
SHA256

f8d015ac4faff5d7a5da0e95f3cc9e9eb18417cd749b3b4625b5312910a25b7b
SHA512

5b20529fc6ee3731382d48cf2db7dce8bae0ba753314e8bed07ba993c1ae891134385df7f4ffd7ee62e0b1b6618bfb209b27fac3fdbe88a60b1375747fefe2b2
SSDEEP

49152:T+y6I9edJ9qu8moH+xNSJJ1LKz+JsK47C:L69RyLqe

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

64dlldlldlldll.dll
.dll windows x64

Code Sign

58:94:3a:f1:d1:b8:b8:8d:4f:cd:2d:76:7a:f5:3b:c5
Certificate

Issuer

CN=ASUS ROG Phone 5s 12/256GB Black (Black Colour)

Not Before

03-06-2023 11:01

Not After

04-06-2033 11:01

Subject

CN=ASUS ROG Phone 5s 12/256GB Black (Black Colour)

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:cc:fc:ad:90:e6:3e:22:46:c5:30:64:a6:75:d4:57:7f:27:b9:7a:6c:5f:1d:39:ee:96:c9:1e:e0:c2:70:86
Signer

Actual PE Digest

22:cc:fc:ad:90:e6:3e:22:46:c5:30:64:a6:75:d4:57:7f:27:b9:7a:6c:5f:1d:39:ee:96:c9:1e:e0:c2:70:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

rundll

Sections

Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

58:94:3a:f1:d1:b8:b8:8d:4f:cd:2d:76:7a:f5:3b:c5Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

22:cc:fc:ad:90:e6:3e:22:46:c5:30:64:a6:75:d4:57:7f:27:b9:7a:6c:5f:1d:39:ee:96:c9:1e:e0:c2:70:86Signer

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 4KB - Virtual size: 11KB

Size: 512B - Virtual size: 2KB

Size: 512B - Virtual size: 595B

Size: 512B - Virtual size: 432B

.edata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: 3.5MB - Virtual size: 3.5MB

58:94:3a:f1:d1:b8:b8:8d:4f:cd:2d:76:7a:f5:3b:c5
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

22:cc:fc:ad:90:e6:3e:22:46:c5:30:64:a6:75:d4:57:7f:27:b9:7a:6c:5f:1d:39:ee:96:c9:1e:e0:c2:70:86
Signer

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: 3.5MB - Virtual size: 3.5MB