15c411b0c83b8dabfe96a82bd60d3653eea34e24c7d9a34bc2b4df14ee469ec3

Sharing

Copy URL Twitter E-mail

General

Target

15c411b0c83b8dabfe96a82bd60d3653eea34e24c7d9a34bc2b4df14ee469ec3
Size

4.6MB
MD5

cce1f2a3d8bd172c1fa55d7744902162
SHA1

0fe6642ced953b792683108e805602a7930c3e1e
SHA256

15c411b0c83b8dabfe96a82bd60d3653eea34e24c7d9a34bc2b4df14ee469ec3
SHA512

58154669ca851c2c0e15b5d86dd4588b7ce68e590094e8ff610f401f28033695cfa466d82f296e8193dcc4ea7b1c85e40ce577a9eeb29d955c5613a64f7ae83d
SSDEEP

98304:Gu7Oyt8e7kuE675V7UIw87qkKOxbmcAIR3UJl2IHwYS:GuqyF715VII37qkJjgWmw

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15c411b0c83b8dabfe96a82bd60d3653eea34e24c7d9a34bc2b4df14ee469ec3

Files

15c411b0c83b8dabfe96a82bd60d3653eea34e24c7d9a34bc2b4df14ee469ec3
.exe windows:6 windows x86 arch:x86

66f74d2912b30f091ae5273716210a42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowRect

gdi32

CreateCompatibleBitmap

advapi32

SystemFunction036

shell32

SHGetFolderPathA

ole32

CoCreateInstance

ws2_32

WSACleanup

crypt32

CryptUnprotectData

shlwapi

PathFindExtensionA

gdiplus

GdipSaveImageToFile

setupapi

SetupDiEnumDeviceInterfaces

ntdll

RtlUnicodeStringToAnsiString

Sections

Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tar0
Size: - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tar1
Size: - Virtual size: 876KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tar2
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tar3
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66f74d2912b30f091ae5273716210a42

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

crypt32

shlwapi

gdiplus

setupapi

ntdll

Sections

Size: - Virtual size: 1.0MB

Size: - Virtual size: 202KB

Size: - Virtual size: 13KB

.tar0 Size: - Virtual size: 133KB

Size: - Virtual size: 32KB

.idata Size: - Virtual size: 4KB

.themida Size: - Virtual size: 3.9MB

.boot Size: - Virtual size: 1.7MB

.tar1 Size: - Virtual size: 876KB

.tar2 Size: 1024B - Virtual size: 516B

.tar3 Size: 4.5MB - Virtual size: 4.5MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 10KB - Virtual size: 133KB

.tar0
Size: - Virtual size: 133KB

.idata
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 3.9MB

.boot
Size: - Virtual size: 1.7MB

.tar1
Size: - Virtual size: 876KB

.tar2
Size: 1024B - Virtual size: 516B

.tar3
Size: 4.5MB - Virtual size: 4.5MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 10KB - Virtual size: 133KB