file | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

file
Size

6.5MB
MD5

4c6d722386fc028e9813c9434c81840e
SHA1

b63b394e5bf0f832ad175186037c4a1eafedd55b
SHA256

a763709cacb29bab169bea58709364f138c92fa4fa86bae2bc2524cff4637f50
SHA512

730edde4aeadff0b71fb399567abbf90e89a8093489ee0fc9923a14c40fd68bac9a46b74c112e8e779f1cf1ddef96240d1cb24b484a4b187c864560f1d579936
SSDEEP

196608:Qft/3UMOoqLlQL+fT3OMdzBiI5Kik1DjEBX1isu:QftP2pQ8DOMdzOxmX1iJ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file

Files

file
.exe windows:6 windows x86 arch:x86

bfd5caae391e20afe1584b9576b4f626

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowRect

gdi32

CreateCompatibleBitmap

advapi32

SystemFunction036

shell32

SHGetFolderPathA

ole32

CoUninitialize

ws2_32

WSACleanup

crypt32

CryptUnprotectData

shlwapi

PathFindExtensionA

gdiplus

GdipSaveImageToFile

setupapi

SetupDiEnumDeviceInterfaces

ntdll

RtlUnicodeStringToAnsiString

Sections

Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VOID_UT
Size: - Virtual size: 571KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.VOID_UT
Size: - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.VOID_UT
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VOID_UT
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 330KB - Virtual size: 571KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfd5caae391e20afe1584b9576b4f626

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

crypt32

shlwapi

gdiplus

setupapi

ntdll

Sections

Size: - Virtual size: 1.2MB

Size: - Virtual size: 214KB

Size: - Virtual size: 13KB

.VOID_UT Size: - Virtual size: 571KB

Size: - Virtual size: 37KB

.idata Size: - Virtual size: 4KB

.themida Size: - Virtual size: 5.7MB

.boot Size: - Virtual size: 3.3MB

.VOID_UT Size: - Virtual size: 398KB

.VOID_UT Size: 1024B - Virtual size: 516B

.VOID_UT Size: 6.2MB - Virtual size: 6.2MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 330KB - Virtual size: 571KB

.VOID_UT
Size: - Virtual size: 571KB

.idata
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 5.7MB

.boot
Size: - Virtual size: 3.3MB

.VOID_UT
Size: - Virtual size: 398KB

.VOID_UT
Size: 1024B - Virtual size: 516B

.VOID_UT
Size: 6.2MB - Virtual size: 6.2MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 330KB - Virtual size: 571KB