5c99a320a1970ce85b2a9e611a96a7cc4c5f3923be3507402d436090b78b5f34

Sharing

Copy URL Twitter E-mail

General

Target

5c99a320a1970ce85b2a9e611a96a7cc4c5f3923be3507402d436090b78b5f34
Size

6.4MB
MD5

b66898a3541dc7d943b1e86a80800c79
SHA1

410bb949dea478eca2376c08e35d6435e8eb7e3a
SHA256

5c99a320a1970ce85b2a9e611a96a7cc4c5f3923be3507402d436090b78b5f34
SHA512

a74bf09f6826bf3e7e76c916de2514cc570cb4768c1188f4fe13885861843b770021bbf9a88bea5107192aa073e1927b1acfd7ffac65678744bb19b63062df7c
SSDEEP

196608:Q5v+nX3Jn2+QXS5zcb3EP7Df+IINtgfgqzlR:Q5voX3p9QNsGIOtWnzl

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c99a320a1970ce85b2a9e611a96a7cc4c5f3923be3507402d436090b78b5f34

Files

5c99a320a1970ce85b2a9e611a96a7cc4c5f3923be3507402d436090b78b5f34
.exe windows:6 windows x64

90cbc641339e24746f48696dcc40a747

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA
CharUpperBuffW

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp:"0
Size: - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp:"1
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp:"2
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp:"3
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_MEM_READ

.rsrc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90cbc641339e24746f48696dcc40a747

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

Size: - Virtual size: 3.1MB

Size: - Virtual size: 240KB

Size: - Virtual size: 73KB

Size: - Virtual size: 85KB

Size: - Virtual size: 252B

.vmp:"0 Size: - Virtual size: 173KB

Size: - Virtual size: 9KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.themida Size: - Virtual size: 3.7MB

.vmp:"1 Size: - Virtual size: 2.6MB

.vmp:"2 Size: 2KB - Virtual size: 1KB

.vmp:"3 Size: 6.3MB - Virtual size: 6.3MB

.reloc Size: 512B - Virtual size: 172B

.rsrc Size: 89KB - Virtual size: 89KB

.vmp:"0
Size: - Virtual size: 173KB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 3.7MB

.vmp:"1
Size: - Virtual size: 2.6MB

.vmp:"2
Size: 2KB - Virtual size: 1KB

.vmp:"3
Size: 6.3MB - Virtual size: 6.3MB

.reloc
Size: 512B - Virtual size: 172B

.rsrc
Size: 89KB - Virtual size: 89KB