ca021d74aa2e93ef4709312cd40f5a06

General

Target

ca021d74aa2e93ef4709312cd40f5a06
Size

1.4MB
MD5

ca021d74aa2e93ef4709312cd40f5a06
SHA1

c310a1fcc831056929c917ed06f2c414523e2cae
SHA256

caa8a696fe19ac95f7cc034bf1e88e2595f40e5963e6e0fa1b17bec055b552f5
SHA512

c695cf32a842698a52608484d35969d875298042bd7e608526f86d869e929827fd085f10df49f775df5936238f6aa4e2e6fc6903b72f4a3ad5a6dd3c78ef8a13
SSDEEP

24576:+I6TSkwLfwFrfWTif6vERhOnoLbRNVzGcnLhD0BY1+5Y99tEguzbQ1w2Rcp5mHUW:yG61pfOIYnoLbpzGcL10BO+K99tVuXQD

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/PWMultiHack3/PWMultyHack3.exe	themida

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PWMultiHack3/DinmaiteHF.dll
unpack001/PWMultiHack3/PWMultyHack3.exe

Files

ca021d74aa2e93ef4709312cd40f5a06
.rar
PWMultiHack3/DinmaiteHF.dll
.dll windows:4 windows x86 arch:x86

c55d58516ab8b94df1945dd02ca3b318

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

Sections

CODE
Size: 138KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PWMultiHack3/PWMultyHack3.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 246KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 1.2MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PWMultiHack3/config.txt

Sharing

General

Malware Config

Signatures

Files

c55d58516ab8b94df1945dd02ca3b318

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

comctl32

Sections

CODE Size: 138KB - Virtual size: 380KB

.rsrc Size: 8KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 512B

Headers

File Characteristics

Sections

Size: 246KB - Virtual size: 540KB

.rsrc Size: 66KB - Virtual size: 173KB

.idata Size: 512B - Virtual size: 4KB

Themida Size: 1.2MB - Virtual size: 2.5MB

CODE
Size: 138KB - Virtual size: 380KB

.rsrc
Size: 8KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 512B

.rsrc
Size: 66KB - Virtual size: 173KB

.idata
Size: 512B - Virtual size: 4KB

Themida
Size: 1.2MB - Virtual size: 2.5MB