eeff3a3739d2479ee3dc5165b96229ab5d7a9b67963ff1ce0eca4523ad32252d

Sharing

Copy URL Twitter E-mail

General

Target

eeff3a3739d2479ee3dc5165b96229ab5d7a9b67963ff1ce0eca4523ad32252d
Size

7.0MB
MD5

80bb20952314f7f75d2b1b31c8eb602f
SHA1

e1620d9d3f5277f62ceff601c389304e004067cf
SHA256

eeff3a3739d2479ee3dc5165b96229ab5d7a9b67963ff1ce0eca4523ad32252d
SHA512

eaa8387c83638ea488120dc7f122ddf707f2a2df6d793cce102d8e8b5046d4d1421dd6ba045a56b64cf389eba81c0cd0b3aeab3888c9ca3fd62ac1066bfe7fc3
SSDEEP

196608:ao+GHx/gmGDPqbPOSsM8VYpWlsUqgreYv8ZO:aWR/ASshScPrres

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eeff3a3739d2479ee3dc5165b96229ab5d7a9b67963ff1ce0eca4523ad32252d

Files

eeff3a3739d2479ee3dc5165b96229ab5d7a9b67963ff1ce0eca4523ad32252d
.exe windows:6 windows x64

a4308f82c6f6f467c58289d16d7acab2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp+0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp+1
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp+2
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp+3
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_MEM_READ

.rsrc
Size: 86KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4308f82c6f6f467c58289d16d7acab2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

Size: - Virtual size: 3.1MB

Size: - Virtual size: 240KB

Size: - Virtual size: 73KB

Size: - Virtual size: 85KB

Size: - Virtual size: 252B

.vmp+0 Size: - Virtual size: 1.1MB

Size: - Virtual size: 9KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.themida Size: - Virtual size: 3.7MB

.vmp+1 Size: - Virtual size: 1.3MB

.vmp+2 Size: 1024B - Virtual size: 944B

.vmp+3 Size: 6.9MB - Virtual size: 6.9MB

.reloc Size: 512B - Virtual size: 148B

.rsrc Size: 86KB - Virtual size: 1.1MB

.vmp+0
Size: - Virtual size: 1.1MB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 3.7MB

.vmp+1
Size: - Virtual size: 1.3MB

.vmp+2
Size: 1024B - Virtual size: 944B

.vmp+3
Size: 6.9MB - Virtual size: 6.9MB

.reloc
Size: 512B - Virtual size: 148B

.rsrc
Size: 86KB - Virtual size: 1.1MB