cfde1ee913cfdad570669a3272a2a25b1d6c6f020b4314e27c4c5f60a8a8de3e

Sharing

Copy URL Twitter E-mail

General

Target

cfde1ee913cfdad570669a3272a2a25b1d6c6f020b4314e27c4c5f60a8a8de3e
Size

6.5MB
MD5

1c1d5fe9470618630b6b3fdb4ad4b9f1
SHA1

ece4bc542cb58ed9c74666eac8ca4517e48800a1
SHA256

cfde1ee913cfdad570669a3272a2a25b1d6c6f020b4314e27c4c5f60a8a8de3e
SHA512

7517649e7e10f261eb57ab3dd56a28af3f1a20ee1efb9b7d7a037fe8e526602cbac4b050b43c6ef5c6b375736b23071754aad1a6977b73ee9ed46c9818e2b5df
SSDEEP

98304:lskfRnxhAd9tfln5pWjDydJ3DQWbnhJ1/PGCoxBaE+XvRPDakHmV+nT3xMnuE41i:nzI9NsjDydJ3D9hzeMR7akGVcqa+n

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfde1ee913cfdad570669a3272a2a25b1d6c6f020b4314e27c4c5f60a8a8de3e

Files

cfde1ee913cfdad570669a3272a2a25b1d6c6f020b4314e27c4c5f60a8a8de3e
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

LdrProcessRelocationBlock
StealthCloseFile
StealthGetSize
StealthOpenFile
StealthReadFile

Sections

Size: 1.3MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 349KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 26KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 64KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 956KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 1.3MB - Virtual size: 2.9MB

Size: 349KB - Virtual size: 1.3MB

Size: 26KB - Virtual size: 356KB

Size: 64KB - Virtual size: 109KB

Size: 512B - Virtual size: 348B

Size: 956KB - Virtual size: 1.7MB

Size: 12KB - Virtual size: 142KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 6KB

.themida Size: - Virtual size: 5.5MB

.boot Size: 3.8MB - Virtual size: 3.8MB

.reloc Size: 16B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 6KB

.themida
Size: - Virtual size: 5.5MB

.boot
Size: 3.8MB - Virtual size: 3.8MB

.reloc
Size: 16B - Virtual size: 4KB