4868dbd7a037a51bf95fd27f1f69768c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4868dbd7a037a51bf95fd27f1f69768c
Size

1.5MB
MD5

4868dbd7a037a51bf95fd27f1f69768c
SHA1

178d78dd9175c8024d0179f235d80bb93ad44d88
SHA256

e9b49356b70fc707f65211ab2fb367e0d0bbaccad57132b4b94b2d24ab495393
SHA512

38cc189f76691ae145110c0e3757c14ad3782ca87c2056f18a5c101721e2c9b2d1b168bd6ba42e44679531f5a5dcd15b4d51abe71e3d69bfc4c0995b6eba64d0
SSDEEP

24576:xQ25kXAJ2eVSfSH3C9qtIaIRvtvF/kd4eMODxvk01VMDFOXssw67WpPoR:+Xs2CRH3C9qtNI5td/c/uOyuWm

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4868dbd7a037a51bf95fd27f1f69768c

Files

4868dbd7a037a51bf95fd27f1f69768c
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

@@Csocket@Finalize
@@Csocket@Initialize
@@Ffrmbot@Finalize
@@Ffrmbot@Initialize
@@Ffrmlogin@Finalize
@@Ffrmlogin@Initialize
@@Main@Finalize
@@Main@Initialize
___CPPdebugHook
_dlgAddition
_dlgCZ
_dlgParty
_frmBot
_frmLogin

Sections

Size: 723KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 722KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE