0f2314ab7941f552b2cc441bb85bda3c437c0885feb47dc42b6b2be709713c90

Sharing

Copy URL

Twitter E-mail

General

Target

0f2314ab7941f552b2cc441bb85bda3c437c0885feb47dc42b6b2be709713c90
Size

4.8MB
MD5

d5a6713330458ab74d3bc5b7226b5e15
SHA1

6059bc25d6d8c7c909b07d9cf63d9f51f4c98c4e
SHA256

0f2314ab7941f552b2cc441bb85bda3c437c0885feb47dc42b6b2be709713c90
SHA512

85957cc41f3d5107620801a5498d9b9c07210a7af2cbdd3e461ed6a1a6e928be39ed6cba56eb56092a16590227a82a6663e266f4104ff367fa2d7b798f71607c
SSDEEP

98304:VPpTSPLLVyAEevJTqEngSwEVytBBAlWweabuKKis/tYKL:VPsP1yAEevJTqagSv6GWwewKiCYy

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f2314ab7941f552b2cc441bb85bda3c437c0885feb47dc42b6b2be709713c90

Files

0f2314ab7941f552b2cc441bb85bda3c437c0885feb47dc42b6b2be709713c90
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

??0?$FFLazySingleton@VFExportPresetManager@@@@IEAA@XZ
??0FExportPresetHelper@@QEAA@W4FormatType@@@Z
??0FExportPresetHelper@@QEAA@XZ
??0FExportPresetManager@@QEAA@XZ
??0IFSmartEditExport@@QEAA@PEAVQWidget@@@Z
??1?$FFLazySingleton@VFExportPresetManager@@@@MEAA@XZ
??1FExportPresetHelper@@UEAA@XZ
??1FExportPresetManager@@UEAA@XZ
??1IFSmartEditExport@@UEAA@XZ
??_7?$FFLazySingleton@VFExportPresetManager@@@@6B@
??_7FExportPresetHelper@@6BIFFAppSettingsSyncProvider@@@
??_7FExportPresetHelper@@6BQObject@@@
??_7FExportPresetManager@@6B?$FFLazySingleton@VFExportPresetManager@@@@@
??_7FExportPresetManager@@6BIFFProjectManagerEventObserver@@@
??_7IFSmartEditExport@@6BQObject@@@
??_7IFSmartEditExport@@6BQPaintDevice@@@
?ConnectSignals@IFSmartEditExport@@AEAAXXZ
?CreateUI@IFSmartEditExport@@AEAAXXZ
?ExportToLocal@IFSmartEditExport@@QEAA_NXZ
?GetFormatFileDirectory@FExportPresetHelper@@AEAA?AVQString@@XZ
?GetPresetJsonDirectory@FExportPresetHelper@@AEAA?AVQString@@XZ
?OpenXmlFile@FExportPresetHelper@@AEAA_NAEAVQDomDocument@@VQString@@@Z
?RetranslateUi@IFSmartEditExport@@MEAAXXZ
?SetExportConfig@IFSmartEditExport@@QEAAXAEBVQVariant@@@Z
?SetTimeline@IFSmartEditExport@@QEAAXPEBVIFFTimeline@@@Z
?StopExportToLocal@IFSmartEditExport@@QEAA_NXZ
?activeInstance@?$FFLazySingleton@VFExportPresetManager@@@@SAPEAVFExportPresetManager@@XZ
?addPresetInfoItem@FExportPresetHelper@@QEAAXVQString@@UPresetValue@@@Z
?attachManager@?$FFLazySingleton@VFExportPresetManager@@@@MEBA_NXZ
?closeEvent@IFSmartEditExport@@MEAAXPEAVQCloseEvent@@@Z
?deletePresetInfoItem@FExportPresetHelper@@QEAAXVQString@@0@Z
?destory@?$FFLazySingleton@VFExportPresetManager@@@@MEAAXXZ
?doTranslate@IFSmartEditExport@@AEAAXXZ
?getAllPresetInfos@FExportPresetHelper@@AEAAXXZ
?getAllPresetNames@FExportPresetHelper@@QEAAXAEBVQString@@AEAVQStringList@@@Z
?getCurrentDefaultIndex@FExportPresetHelper@@QEAAHVQString@@0@Z
?getEncodeParamPreset@FExportPresetHelper@@QEBAXAEAVQString@@@Z
?getFormatFileName@FExportPresetHelper@@AEAA?AVQString@@XZ
?getPresetHelper@FExportPresetManager@@QEAAPEAVFExportPresetHelper@@W4FormatType@@@Z
?getPresetInfoFromJson@FExportPresetHelper@@AEAAXAEAUPresetInfos@@@Z
?getPresetValue@FExportPresetHelper@@QEAA?AUPresetValue@@W4PresetType@@VQString@@1@Z
?getSyncAppSetting@FExportPresetHelper@@UEAAXW4AppSettingType@@AEAVQString@@@Z
?init@FExportPresetManager@@AEAAXXZ
?initPresetInfos@FExportPresetHelper@@AEAAXAEAUPresetInfos@@@Z
?instance@?$FFLazySingleton@VFExportPresetManager@@@@SAPEAVFExportPresetManager@@XZ
?isActive@?$FFLazySingleton@VFExportPresetManager@@@@SA_NXZ
?isPresetNameRepeat@FExportPresetHelper@@QEAA_NVQString@@0@Z
?m_oMutex@?$FFLazySingleton@VFExportPresetManager@@@@0VQMutex@@A
?m_pInstance@?$FFLazySingleton@VFExportPresetManager@@@@0PEAVFExportPresetManager@@EA
?metaObject@FExportPresetHelper@@UEBAPEBUQMetaObject@@XZ
?metaObject@IFSmartEditExport@@UEBAPEBUQMetaObject@@XZ
?onBeforeActiveProjectChangeEvent@FExportPresetManager@@UEAAXXZ
?overWritePresetInfoItem@FExportPresetHelper@@QEAAXVQString@@UPresetValue@@@Z
?presetIsModify@FExportPresetHelper@@AEAAXXZ
?projectParamModified@FExportPresetManager@@QEAAXXZ
?qt_metacall@FExportPresetHelper@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacall@IFSmartEditExport@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@FExportPresetHelper@@UEAAPEAXPEBD@Z
?qt_metacast@IFSmartEditExport@@UEAAPEAXPEBD@Z
?qt_static_metacall@FExportPresetHelper@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z
?qt_static_metacall@IFSmartEditExport@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z
?reject@IFSmartEditExport@@MEAAXXZ
?release@?$FFLazySingleton@VFExportPresetManager@@@@SAXXZ
?resetFirstOpenDefault@FExportPresetHelper@@QEAAXXZ
?resetFirstOpenPresetNameToDefault@FExportPresetHelper@@QEAAXXZ
?saveAllPresetInfos@FExportPresetHelper@@AEAAX_N@Z
?setEncodeParamPreset@FExportPresetHelper@@QEAAXAEBVQString@@@Z
?setPresetValue@FExportPresetHelper@@QEAAXW4PresetType@@VQString@@UPresetValue@@@Z
?setSyncAppSetting@FExportPresetHelper@@UEAAXW4AppSettingType@@AEBVQString@@@Z
?staticMetaObject@FExportPresetHelper@@2UQMetaObject@@B
?staticMetaObject@IFSmartEditExport@@2UQMetaObject@@B
?toPresetObject@FExportPresetHelper@@AEBA?AVQJsonObject@@AEBUPresetValue@@@Z
?toPresetValue@FExportPresetHelper@@AEBA?AUPresetValue@@AEBVQJsonObject@@@Z
?tr@FExportPresetHelper@@SA?AVQString@@PEBD0H@Z
?tr@IFSmartEditExport@@SA?AVQString@@PEBD0H@Z
?trUtf8@FExportPresetHelper@@SA?AVQString@@PEBD0H@Z
?trUtf8@IFSmartEditExport@@SA?AVQString@@PEBD0H@Z
?updateFormatData@FExportPresetHelper@@AEAAXAEAUPresetInfos@@@Z
exportShowGuideTimeline
exportTemplateTimeline
exportTimeline
limitExportType

Sections

Size: 342KB - Virtual size: 1009KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 482KB - Virtual size: 841KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 33KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 29KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.exports
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 342KB - Virtual size: 1009KB

Size: 482KB - Virtual size: 841KB

Size: 3KB - Virtual size: 16KB

Size: 33KB - Virtual size: 53KB

Size: 29KB - Virtual size: 173KB

Size: 2KB - Virtual size: 12KB

.exports Size: 5KB - Virtual size: 5KB

.imports Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 174KB - Virtual size: 174KB

.themida Size: - Virtual size: 5.3MB

.boot Size: 3.7MB - Virtual size: 3.7MB

.reloc Size: 512B - Virtual size: 4KB

.taggant Size: 8KB - Virtual size: 8KB

.exports
Size: 5KB - Virtual size: 5KB

.imports
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 174KB - Virtual size: 174KB

.themida
Size: - Virtual size: 5.3MB

.boot
Size: 3.7MB - Virtual size: 3.7MB

.reloc
Size: 512B - Virtual size: 4KB

.taggant
Size: 8KB - Virtual size: 8KB