bf39eb2da4f28e2197431cd79124a084[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

bf39eb2da4f28e2197431cd79124a084.bin
Size

3.7MB
MD5

0621835b774e39fcf6ca18ecbdd3f307
SHA1

61a7cfb9e4a448e0e60b1da2694a1ab08a558817
SHA256

fa2157cab61a874e2b9dd17a00cab617ef550139dd7d86336ffedaf9ee71513c
SHA512

19cb21e52457b814d89da569b9aac2bb5e2c7ba31b6425ee637196191dc2935de559c7156efcdb98f03db4c45db303c8a8425189594d47fcc0290f3aecc354f6
SSDEEP

49152:cwkZeSNq9iIyxc4th6vwRghbqgpm+0tcFCiSCE8NeFpS71aSM42ZfjersdWIAxOl:cw10OH4DcwRdZmFk9W113vrKWLUvS3SP

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/da9c04a0aca9e409afc8d61a052834878de7d0fc6a58bcfc1feffa3fca77d8d6.dll	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/da9c04a0aca9e409afc8d61a052834878de7d0fc6a58bcfc1feffa3fca77d8d6.dll

Files

bf39eb2da4f28e2197431cd79124a084.bin
.zip

Password: infected
da9c04a0aca9e409afc8d61a052834878de7d0fc6a58bcfc1feffa3fca77d8d6.dll
.dll windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

A080723_MS
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 169B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 237KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.itext Size: 10KB - Virtual size: 9KB

.data Size: 37KB - Virtual size: 37KB

.bss Size: - Virtual size: 27KB

.idata Size: 13KB - Virtual size: 13KB

.didata Size: 3KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 169B

.rdata Size: 512B - Virtual size: 69B

.reloc Size: 248KB - Virtual size: 248KB

.rsrc Size: 237KB - Virtual size: 237KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.themida Size: 4.3MB - Virtual size: 4.3MB

.text
Size: 2.7MB - Virtual size: 2.7MB

.itext
Size: 10KB - Virtual size: 9KB

.data
Size: 37KB - Virtual size: 37KB

.bss
Size: - Virtual size: 27KB

.idata
Size: 13KB - Virtual size: 13KB

.didata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 169B

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 248KB - Virtual size: 248KB

.rsrc
Size: 237KB - Virtual size: 237KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.themida
Size: 4.3MB - Virtual size: 4.3MB