d699e268d8f668913689aa0174d80debc04823e59b0aced6ff60dc71df1434f1

Sharing

Copy URL Twitter E-mail

General

Target

d699e268d8f668913689aa0174d80debc04823e59b0aced6ff60dc71df1434f1
Size

5.7MB
MD5

6831bae11d01a5fa8989d0a1677a9fc7
SHA1

3a2833a59afa468adc4931513240a8362c3fbf8a
SHA256

d699e268d8f668913689aa0174d80debc04823e59b0aced6ff60dc71df1434f1
SHA512

d83f20ee64091be19465a604482c4a6162938b5ca54e54a5aed340cd8d08408274fcf1740f8a9b082fbf2748c85da6f05dd378a7af3d5cac6ea6b2dfacf52258
SSDEEP

98304:6g+5oSER97qu2JlgXWJWmOvoamrWmFlGIKHQ20cPRgivSXDNXUWNJRqkGu/6CD/k:6g+5a2JlzGTmnfMPRg1zNkU6kLD

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d699e268d8f668913689aa0174d80debc04823e59b0aced6ff60dc71df1434f1

Files

d699e268d8f668913689aa0174d80debc04823e59b0aced6ff60dc71df1434f1
.exe windows:6 windows x86 arch:x86

28cc55450edf4eab5f9510f1b709a4a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp¡D�
Size: - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp¡D�
Size: - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp¡D�
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp¡D�
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 168KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28cc55450edf4eab5f9510f1b709a4a8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

Size: - Virtual size: 1.3MB

Size: - Virtual size: 173KB

Size: - Virtual size: 34KB

.vmp¡D� Size: - Virtual size: 310KB

Size: - Virtual size: 39KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.themida Size: - Virtual size: 4.7MB

.boot Size: - Virtual size: 2.6MB

.vmp¡D� Size: - Virtual size: 671KB

.vmp¡D� Size: 512B - Virtual size: 468B

.vmp¡D� Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 168KB - Virtual size: 310KB

.vmp¡D�
Size: - Virtual size: 310KB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 4.7MB

.boot
Size: - Virtual size: 2.6MB

.vmp¡D�
Size: - Virtual size: 671KB

.vmp¡D�
Size: 512B - Virtual size: 468B

.vmp¡D�
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 168KB - Virtual size: 310KB