7b666403c010094ab5c0ab81309df5954eb62a7f694c36bcfff5bfbadb36fa9e

Sharing

Copy URL Twitter E-mail

General

Target

7b666403c010094ab5c0ab81309df5954eb62a7f694c36bcfff5bfbadb36fa9e
Size

5.2MB
MD5

dbee583f74aad3a4023ddfd3e7fd86db
SHA1

07729cd0f7ae24ff8ed46287a3797ce66b280e8a
SHA256

7b666403c010094ab5c0ab81309df5954eb62a7f694c36bcfff5bfbadb36fa9e
SHA512

018a872dd9c15064dc08b3c8ad61d8e343b92e0d37925b0dd1d6680171fcba351402fa2c067c36497f735d946ff983a49f3b598c84b8291ff67dd2615873c998
SSDEEP

98304:SXspptQdjIaJwaYY0lvP5R8iqTp/3GvLEx4Xo/jPI7KzR6phQouW6tE5:Scbmhtu5T8J3GvoxW7ssphQop6tE5

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b666403c010094ab5c0ab81309df5954eb62a7f694c36bcfff5bfbadb36fa9e

Files

7b666403c010094ab5c0ab81309df5954eb62a7f694c36bcfff5bfbadb36fa9e
.exe windows:6 windows x86 arch:x86

3a227a5a19d8bc0e94cd4a8b57c9f2ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

wsprintfA

gdi32

CreateCompatibleBitmap

advapi32

RegQueryValueExA

shell32

ShellExecuteA

ole32

CoInitialize

ws2_32

WSAStartup

crypt32

CryptUnprotectData

shlwapi

PathFindExtensionA

gdiplus

GdipGetImageEncoders

setupapi

SetupDiEnumDeviceInfo

ntdll

RtlUnicodeStringToAnsiString

rstrtmgr

RmStartSession

Exports

Exports

Start

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp•�
Size: - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp•�
Size: - Virtual size: 651KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp•�
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp•�
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a227a5a19d8bc0e94cd4a8b57c9f2ab

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

crypt32

shlwapi

gdiplus

setupapi

ntdll

rstrtmgr

Exports

Exports

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 171KB

.data Size: - Virtual size: 18KB

.vmp•� Size: - Virtual size: 346KB

.reloc Size: - Virtual size: 38KB

.edata Size: - Virtual size: 4KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.themida Size: - Virtual size: 4.3MB

.vmp•� Size: - Virtual size: 651KB

.vmp•� Size: 1024B - Virtual size: 532B

.vmp•� Size: 4.8MB - Virtual size: 4.8MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 347KB - Virtual size: 346KB

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 171KB

.data
Size: - Virtual size: 18KB

.vmp•�
Size: - Virtual size: 346KB

.reloc
Size: - Virtual size: 38KB

.edata
Size: - Virtual size: 4KB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 4.3MB

.vmp•�
Size: - Virtual size: 651KB

.vmp•�
Size: 1024B - Virtual size: 532B

.vmp•�
Size: 4.8MB - Virtual size: 4.8MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 347KB - Virtual size: 346KB