5a900a599ee726d179f28b6f7d18c1c6

Sharing

Copy URL Twitter E-mail

General

Target

5a900a599ee726d179f28b6f7d18c1c6
Size

6.9MB
MD5

5a900a599ee726d179f28b6f7d18c1c6
SHA1

935f1e3711308384c0db7a00f4ea0a0c41ad3b74
SHA256

7ba93bb22e21061429a33268b44d2a69b441e4fddc81c6590b429c470854fa35
SHA512

b7b9b960d190545a5f205f7a5f7c6b49b9e381b9c150de1d1d42381ea61e80fc58b8a0e44cbba0da1dd392a88f29949865373c2c276ed2392f387c99405c8212
SSDEEP

196608:5vDTT4+v4N7e6tIIeha9yMEzlwYUe0noZ6vbY4SV9l:RD34+vme6aIek9REaYUexZ6jzSJ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a900a599ee726d179f28b6f7d18c1c6

Files

5a900a599ee726d179f28b6f7d18c1c6
.exe windows:5 windows x86 arch:x86

8be87a87d7d2cb82ba86b065b2960678

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

wsock32

WSACleanup

version

GetFileVersionInfoW

winmm

timeGetTime

comctl32

ImageList_ReplaceIcon

mpr

WNetUseConnectionW

wininet

InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile

userenv

DestroyEnvironmentBlock

uxtheme

IsThemeActive

user32

AdjustWindowRectEx
GetProcessWindowStation
GetUserObjectInformationW

gdi32

StrokePath

comdlg32

GetOpenFileNameW

advapi32

GetAce

shell32

DragQueryPoint

ole32

CoTaskMemAlloc

oleaut32

LoadTypeLibEx

Sections

Size: - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

👍 FOL
Size: - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.loadcon
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.boot
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

👍 FOL
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

👍 FOL
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8be87a87d7d2cb82ba86b065b2960678

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsock32

version

winmm

comctl32

mpr

wininet

psapi

iphlpapi

userenv

uxtheme

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

Size: - Virtual size: 567KB

Size: - Virtual size: 191KB

Size: - Virtual size: 35KB

Size: - Virtual size: 490KB

Size: - Virtual size: 28KB

.idata Size: - Virtual size: 4KB

👍 FOL Size: - Virtual size: 115KB

.themida Size: - Virtual size: 4.3MB

.loadcon Size: - Virtual size: 4KB

.boot Size: - Virtual size: 2.8MB

👍 FOL Size: - Virtual size: 1.4MB

👍 FOL Size: 6.8MB - Virtual size: 6.8MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 115KB - Virtual size: 115KB

.idata
Size: - Virtual size: 4KB

👍 FOL
Size: - Virtual size: 115KB

.themida
Size: - Virtual size: 4.3MB

.loadcon
Size: - Virtual size: 4KB

.boot
Size: - Virtual size: 2.8MB

👍 FOL
Size: - Virtual size: 1.4MB

👍 FOL
Size: 6.8MB - Virtual size: 6.8MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 115KB - Virtual size: 115KB