11243f75e52e688057ce191ee4f7e335b28ccce8c00d3b8e13028804412a492d

Sharing

Copy URL Twitter E-mail

General

Target

11243f75e52e688057ce191ee4f7e335b28ccce8c00d3b8e13028804412a492d
Size

4.0MB
MD5

1ff7c00b99e2409160af2b460ad1200a
SHA1

f116dbfd8068ad2a17eda3546732fe145b660d16
SHA256

11243f75e52e688057ce191ee4f7e335b28ccce8c00d3b8e13028804412a492d
SHA512

a02806dc1a88fddce82c14c90bf5f74203663706b3e544bf5e75ac97dfbd1244befa5853e6b4bc3c5770903b472c73838f3e9513257c9e39d62a00f66e7398c7
SSDEEP

98304:izo9TsL1HM6SIIIT5QT5VyUKhSBXcfzr5ETZVs99bvRwN9L5OA:YCTKBMpIbQT5VyUKhS5cRTvRGsA

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11243f75e52e688057ce191ee4f7e335b28ccce8c00d3b8e13028804412a492d

Files

11243f75e52e688057ce191ee4f7e335b28ccce8c00d3b8e13028804412a492d
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

?GSDrv_0@@YAJXZ
?GSDrv_10@@YAJPEBD@Z
?GSDrv_11@@YAJI_KIHPEAX@Z
?GSDrv_12@@YAJI_K@Z
?GSDrv_13@@YAJI_KII@Z
?GSDrv_14@@YAJI_KI@Z
?GSDrv_15@@YAJI_KPEAX@Z
?GSDrv_16@@YAJI_K@Z
?GSDrv_17@@YAJJJII@Z
?GSDrv_18@@YAJII@Z
?GSDrv_19@@YAJI@Z
?GSDrv_1@@YAJPEBD@Z
?GSDrv_20@@YAJI_KPEAXII1@Z
?GSDrv_21@@YAJ_KH@Z
?GSDrv_2@@YAJPEBDIIHPEAXI@Z
?GSDrv_3@@YAJ_K@Z
?GSDrv_4@@YAJIPEAX@Z
?GSDrv_5@@YAJIPEBDPEAX@Z
?GSDrv_6@@YAJI_KPEAXKK@Z
?GSDrv_7@@YAJPEBD@Z
?GSDrv_8@@YAJIH@Z
?GSDrv_9@@YAJI@Z

Sections

Size: 34KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 34KB - Virtual size: 58KB

Size: 6KB - Virtual size: 16KB

Size: 512B - Virtual size: 2KB

Size: 1KB - Virtual size: 2KB

Size: 512B - Virtual size: 488B

Size: 512B - Virtual size: 120B

.edata Size: 1024B - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 6.6MB

.boot Size: 3.9MB - Virtual size: 3.9MB

.edata
Size: 1024B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 6.6MB

.boot
Size: 3.9MB - Virtual size: 3.9MB