d50ca46801c1c1b3e155568797a0b1d14cb20220070613f9fe0850c5a86356a8

Sharing

Copy URL Twitter E-mail

General

Target

d50ca46801c1c1b3e155568797a0b1d14cb20220070613f9fe0850c5a86356a8
Size

3.8MB
MD5

c8edec56e1f7d6523e344b1cd2b61268
SHA1

67f0fc909c9c7e0a1d5dc6fda2178fcc786c1029
SHA256

d50ca46801c1c1b3e155568797a0b1d14cb20220070613f9fe0850c5a86356a8
SHA512

04811b7ae3bb4941d50a6ef9f5db91077dd27fb3ea5cec132d10476b4de0ab1c6abbd2713f6bd7e589f16c581037b780622780d5b99ccf1fbc7864ceb3066cd1
SSDEEP

98304:QmMmoNo88krEIOdu8b68eyiSuYkd2dcNGiOJR/wetVIW0t:QioqXIawyiR6DfJRJP0t

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d50ca46801c1c1b3e155568797a0b1d14cb20220070613f9fe0850c5a86356a8

Files

d50ca46801c1c1b3e155568797a0b1d14cb20220070613f9fe0850c5a86356a8
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

??0FFRegisterCheckHelper@@QEAA@PEAVQObject@@@Z
??0RegisterHelper@@QEAA@AEBVQString@@000@Z
??1FFRegisterCheckHelper@@UEAA@XZ
??1RegisterHelper@@QEAA@XZ
??4RegisterHelper@@QEAAAEAV0@AEBV0@@Z
??_7FFRegisterCheckHelper@@6B@
??_FFFRegisterCheckHelper@@QEAAXXZ
?DoRegistration@RegisterHelper@@QEAA_NAEBVQString@@00@Z
?DoUnregistered@RegisterHelper@@QEAAXXZ
?GetEmail@RegisterHelper@@QEAA?AVQString@@XZ
?GetRegCode@RegisterHelper@@QEAA?AVQString@@XZ
?GetRegistered@RegisterHelper@@QEAA_NXZ
?UpdateInfo@RegisterHelper@@QEAAXXZ
?doCheck@FFRegisterCheckHelper@@QEAAXXZ
?metaObject@FFRegisterCheckHelper@@UEBAPEBUQMetaObject@@XZ
?qt_metacall@FFRegisterCheckHelper@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@FFRegisterCheckHelper@@UEAAPEAXPEBD@Z
?qt_static_metacall@FFRegisterCheckHelper@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z
?signalCheckFinished@FFRegisterCheckHelper@@QEAAX_NAEBVQString@@@Z
?staticMetaObject@FFRegisterCheckHelper@@2UQMetaObject@@B
?tr@FFRegisterCheckHelper@@SA?AVQString@@PEBD0H@Z
?trUtf8@FFRegisterCheckHelper@@SA?AVQString@@PEBD0H@Z

Sections

Size: 33KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 10KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 53KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 33KB - Virtual size: 81KB

Size: 10KB - Virtual size: 37KB

Size: 512B - Virtual size: 3KB

Size: 3KB - Virtual size: 5KB

Size: 53KB - Virtual size: 191KB

Size: 512B - Virtual size: 344B

.edata Size: 1KB - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 192KB - Virtual size: 192KB

.themida Size: - Virtual size: 4.9MB

.boot Size: 3.5MB - Virtual size: 3.5MB

.reloc Size: 16B - Virtual size: 4KB

.edata
Size: 1KB - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 192KB - Virtual size: 192KB

.themida
Size: - Virtual size: 4.9MB

.boot
Size: 3.5MB - Virtual size: 3.5MB

.reloc
Size: 16B - Virtual size: 4KB