ROTMG[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ROTMG.dll
Size

8.3MB
MD5

a0c11677deaa83ea452b73ae22489895
SHA1

2de3625a6bc977604325c38203596148fafa7319
SHA256

e3ac73bddcf901123fe7b7c5c11223764e6cb149d953c34756efc2e486922369
SHA512

c2f4b7683e8ca610b6b3329551542e5c134f21e705f90a390925aa453cb69f8e111a7f6c9234d9bce0012be928b27206b330477b1ccabb186d7e34ea311cdb2d
SSDEEP

98304:0Dl6BCsXIgJhcruy0zvvjw6yUt+aRMteH8FJxu/+PpiEiJJ69SgoLphFTCgmy7+l:4sXamM6j+rePmBibSIXegmy7rmtFW6

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ROTMG.dll

Files

ROTMG.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

Size: 284KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 45KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 11KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 11.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 7.9MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 284KB - Virtual size: 456KB

Size: 45KB - Virtual size: 95KB

Size: 1024B - Virtual size: 7KB

Size: 11KB - Virtual size: 18KB

Size: 1KB - Virtual size: 8KB

Size: 512B - Virtual size: 24B

Size: 512B - Virtual size: 480B

Size: 1KB - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 11.7MB

.boot Size: 7.9MB - Virtual size: 7.9MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 11.7MB

.boot
Size: 7.9MB - Virtual size: 7.9MB

.reloc
Size: 16B - Virtual size: 4KB