27bb0f07d5dfd556dc02b3136f78ea9f

Sharing

Copy URL Twitter E-mail

General

Target

27bb0f07d5dfd556dc02b3136f78ea9f
Size

8.0MB
MD5

27bb0f07d5dfd556dc02b3136f78ea9f
SHA1

722cae1f95c22bdf1ff0a5f2bd90893a6c2dccc6
SHA256

92670895ef22663b593364744c4daf686c8a3a64dc59aa0ca7ae5b2bf12a4976
SHA512

8b278093aaf4960cfbfe4f420c454e82b21389614e822a9e0a67e9a5066f3ee15612bc1e7f5889efc49d4783eeb6d734b64ccb241a6245097d0ba95314287dbb
SSDEEP

196608:oZ5yakTiBwMrGM9LpKsFQdeGSpIf+Uv6FttGA:YUa0i+MpzQdPfKttGA

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27bb0f07d5dfd556dc02b3136f78ea9f

Files

27bb0f07d5dfd556dc02b3136f78ea9f
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
t9EJHNpOh8l

Sections

Size: 2.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 30KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 28KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 307KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 2.4MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 2.0MB - Virtual size: 6.0MB

Size: 6KB - Virtual size: 11KB

Size: 30KB - Virtual size: 58KB

Size: - Virtual size: 28KB

Size: 1KB - Virtual size: 16KB

Size: 1KB - Virtual size: 3KB

Size: 512B - Virtual size: 190B

Size: 512B - Virtual size: 69B

Size: 307KB - Virtual size: 567KB

Size: 2.4MB - Virtual size: 2.5MB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 5.5MB

.boot Size: 3.3MB - Virtual size: 3.3MB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 5.5MB

.boot
Size: 3.3MB - Virtual size: 3.3MB