e5e400d690b04dc2745d8003cd90fcaa946cedd2fcf439e8a109bfb286f82ebd

Sharing

Copy URL Twitter E-mail

General

Target

e5e400d690b04dc2745d8003cd90fcaa946cedd2fcf439e8a109bfb286f82ebd
Size

8.6MB
MD5

bfad9c8ed311db208f6e534e1c9ea4ec
SHA1

80591d1b5a81433634cf326288e2b8377c73f524
SHA256

e5e400d690b04dc2745d8003cd90fcaa946cedd2fcf439e8a109bfb286f82ebd
SHA512

0a8435a66a655c4a1422dc0ae6ad8c03829905c1f2b6e27ad28d875c3ade426d6ffcc3c1e4b84b38a550bdb7becefb2740873017a9b937a31d49feb1e0af8485
SSDEEP

196608:W1QpWN0HeP3Rg+vqqi340wuPd2HHWOM+e3iif5veeTr6:qXf3RRvn02n5MeMr6

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e5e400d690b04dc2745d8003cd90fcaa946cedd2fcf439e8a109bfb286f82ebd

Files

e5e400d690b04dc2745d8003cd90fcaa946cedd2fcf439e8a109bfb286f82ebd
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Leave_Change
Leave_GetLoginStr
Leave_GetParams
Leave_GetValue
Leave_Initialization
Leave_Login
Leave_Register
Leave_Renew
Leave_SendHeartbeat
Leave_UpdateValue
Leave_VerifyEmail
Leave_isLogin

Sections

Size: 424KB - Virtual size: 743KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 840KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 32KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 32KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 11.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 424KB - Virtual size: 743KB

Size: 840KB - Virtual size: 1.8MB

Size: 32KB - Virtual size: 255KB

Size: 8KB - Virtual size: 22KB

Size: 32KB - Virtual size: 85KB

.edata Size: 4KB - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.themida Size: - Virtual size: 11.5MB

.boot Size: 7.3MB - Virtual size: 7.3MB

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB

.themida
Size: - Virtual size: 11.5MB

.boot
Size: 7.3MB - Virtual size: 7.3MB