modding-loader[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

modding-loader.exe
Size

3.8MB
MD5

1989517335c48bebe6183a3845860db0
SHA1

466aa083943b9bbf1fc9647e0f9a3e08fec40410
SHA256

f65b88ab3dac92371a1c98ef984e471947a6391d4411ec021005479643789f27
SHA512

740e36decb7c544985152f5710f1c6365bf5159cbd7c7a5d08f261bc538067a425d0eb0728271bdcab75cb246acf3904552d53cf0c9d5465c994dad2b998a18a
SSDEEP

49152:X3Sr0Ad9J2yyp6U1QJUIUXoo72tqNugEbiVB1EPf3/wV6StUc+ZecxyATf/Rl+nF:Gbd32fp6U1QJMWwdSEGc2es/+nsk

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
modding-loader.exe

Files

modding-loader.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

??0AsmParser@asmtk@@QEAA@PEAVBaseEmitter@asmjit@@@Z
??0AsmTokenizer@asmtk@@QEAA@XZ
??0Assembler@x86@asmjit@@QEAA@PEAVCodeHolder@2@@Z
??0BaseAssembler@asmjit@@QEAA@XZ
??0BaseBuilder@asmjit@@QEAA@XZ
??0BaseCompiler@asmjit@@QEAA@XZ
??0BaseEmitter@asmjit@@QEAA@I@Z
??0Builder@x86@asmjit@@QEAA@PEAVCodeHolder@2@@Z
??0CodeHolder@asmjit@@QEAA@XZ
??0Compiler@x86@asmjit@@QEAA@PEAVCodeHolder@2@@Z
??0ConstPool@asmjit@@QEAA@PEAVZone@1@@Z
??0ErrorHandler@asmjit@@QEAA@XZ
??0FileLogger@asmjit@@QEAA@PEAU_iobuf@@@Z
??0FuncPass@asmjit@@QEAA@PEBD@Z
??0JitAllocator@asmjit@@QEAA@PEBUCreateParams@01@@Z
??0JitRuntime@asmjit@@QEAA@PEBUCreateParams@JitAllocator@1@@Z
??0Logger@asmjit@@QEAA@XZ
??0Pass@asmjit@@QEAA@PEBD@Z
??0StringLogger@asmjit@@QEAA@XZ
??0Target@asmjit@@QEAA@XZ
??1AsmParser@asmtk@@QEAA@XZ
??1AsmTokenizer@asmtk@@QEAA@XZ
??1Assembler@x86@asmjit@@UEAA@XZ
??1BaseAssembler@asmjit@@UEAA@XZ
??1BaseBuilder@asmjit@@UEAA@XZ
??1BaseCompiler@asmjit@@UEAA@XZ
??1BaseEmitter@asmjit@@UEAA@XZ
??1Builder@x86@asmjit@@UEAA@XZ
??1CodeHolder@asmjit@@QEAA@XZ
??1Compiler@x86@asmjit@@UEAA@XZ
??1ConstPool@asmjit@@QEAA@XZ
??1ErrorHandler@asmjit@@UEAA@XZ
??1FileLogger@asmjit@@UEAA@XZ
??1JitAllocator@asmjit@@QEAA@XZ
??1JitRuntime@asmjit@@UEAA@XZ
??1Logger@asmjit@@UEAA@XZ
??1Pass@asmjit@@UEAA@XZ
??1StringLogger@asmjit@@UEAA@XZ
??1Target@asmjit@@UEAA@XZ
??_FAssembler@x86@asmjit@@QEAAXXZ
??_FBuilder@x86@asmjit@@QEAAXXZ
??_FCompiler@x86@asmjit@@QEAAXXZ
??_FFileLogger@asmjit@@QEAAXXZ
??_FJitAllocator@asmjit@@QEAAXXZ
??_FJitRuntime@asmjit@@QEAAXXZ
?_add@JitRuntime@asmjit@@UEAAIPEAPEAXPEAVCodeHolder@2@@Z
?_alloc@Zone@asmjit@@QEAAPEAX_K0@Z
?_alloc@ZoneAllocator@asmjit@@QEAAPEAX_KAEA_K@Z
?_allocZeroed@ZoneAllocator@asmjit@@QEAAPEAX_KAEA_K@Z
?_append@ZoneBitVector@asmjit@@QEAAIPEAVZoneAllocator@2@_N@Z
?_cleanupBlock@ZoneStackBase@asmjit@@QEAAXI_K@Z
?_commonInfoTable@InstDB@x86@asmjit@@3QBUCommonInfo@123@B
?_emit@Assembler@x86@asmjit@@UEAAIIAEBUOperand_@3@000@Z
?_emit@BaseAssembler@asmjit@@UEAAIIAEBUOperand_@2@00000@Z
?_emit@BaseBuilder@asmjit@@UEAAIIAEBUOperand_@2@00000@Z
?_emit@BaseBuilder@asmjit@@UEAAIIAEBUOperand_@2@000@Z
?_emitOpArray@BaseAssembler@asmjit@@UEAAIIPEBUOperand_@2@_K@Z
?_grow@ZoneVectorBase@asmjit@@IEAAIPEAVZoneAllocator@2@II@Z
?_init@Zone@asmjit@@QEAAX_K0PEBUTemporary@Support@2@@Z
?_init@ZoneStackBase@asmjit@@QEAAIPEAVZoneAllocator@2@_K@Z
?_insert@ZoneHashBase@asmjit@@QEAAPEAVZoneHashNode@2@PEAVZoneAllocator@2@PEAV32@@Z
?_instInfoTable@InstDB@x86@asmjit@@3QBUInstInfo@123@B
?_instSignatureTable@InstDB@x86@asmjit@@3QBUInstSignature@123@B
?_log@FileLogger@asmjit@@UEAAIPEBD_K@Z
?_log@StringLogger@asmjit@@UEAAIPEBD_K@Z
?_newConst@BaseCompiler@asmjit@@QEAAIAEAVBaseMem@2@IPEBX_K@Z
?_newReg@BaseCompiler@asmjit@@QEAAIAEAVBaseReg@2@AEBV32@PEBD@Z
?_newReg@BaseCompiler@asmjit@@QEAAIAEAVBaseReg@2@AEBV32@PEBDPEAD@Z
?_newReg@BaseCompiler@asmjit@@QEAAIAEAVBaseReg@2@IPEBD@Z
?_newReg@BaseCompiler@asmjit@@QEAAIAEAVBaseReg@2@IPEBDPEAD@Z
?_newStack@BaseCompiler@asmjit@@QEAAIAEAVBaseMem@2@IIPEBD@Z
?_opChar@String@asmjit@@QEAAIID@Z
?_opChars@String@asmjit@@QEAAIID_K@Z
?_opFormat@String@asmjit@@QEAAIIPEBDZZ
?_opHex@String@asmjit@@QEAAIIPEBX_KD@Z
?_opNumber@String@asmjit@@QEAAII_KI0I@Z
?_opSignatureTable@InstDB@x86@asmjit@@3QBUOpSignature@123@B
?_opString@String@asmjit@@QEAAIIPEBD_K@Z
?_opVFormat@String@asmjit@@QEAAIIPEBDPEAD@Z
?_prepareBlock@ZoneStackBase@asmjit@@QEAAII_K@Z
?_rehash@ZoneHashBase@asmjit@@QEAAXPEAVZoneAllocator@2@I@Z
?_release@JitRuntime@asmjit@@UEAAIPEAX@Z
?_releaseDynamic@ZoneAllocator@asmjit@@QEAAXPEAX_K@Z
?_remove@ZoneHashBase@asmjit@@QEAAPEAVZoneHashNode@2@PEAVZoneAllocator@2@PEAV32@@Z
?_reserve@ZoneVectorBase@asmjit@@IEAAIPEAVZoneAllocator@2@II@Z
?_resize@ZoneBitVector@asmjit@@QEAAIPEAVZoneAllocator@2@II_N@Z
?_resize@ZoneVectorBase@asmjit@@IEAAIPEAVZoneAllocator@2@II@Z
?_setArg@FuncCallNode@asmjit@@QEAA_NIAEBUOperand_@2@@Z
?_setRet@FuncCallNode@asmjit@@QEAA_NIAEBUOperand_@2@@Z
?_typeData@Type@asmjit@@3UTypeData@12@B
?_zeroBlock@Zone@asmjit@@2UBlock@12@B
?add@ConstPool@asmjit@@QEAAIPEBX_KAEA_K@Z
?addAddressToAddressTable@CodeHolder@asmjit@@QEAAI_K@Z
?addAfter@BaseBuilder@asmjit@@QEAAPEAVBaseNode@2@PEAV32@0@Z
?addBefore@BaseBuilder@asmjit@@QEAAPEAVBaseNode@2@PEAV32@0@Z
?addCall@BaseCompiler@asmjit@@QEAAPEAVFuncCallNode@2@IAEBUOperand_@2@AEBUFuncSignature@2@@Z
?addEmitterOptions@CodeHolder@asmjit@@QEAAXI@Z
?addFunc@BaseCompiler@asmjit@@QEAAPEAVFuncNode@2@AEBUFuncSignature@2@@Z
?addFunc@BaseCompiler@asmjit@@QEAAPEAVFuncNode@2@PEAV32@@Z
?addNode@BaseBuilder@asmjit@@QEAAPEAVBaseNode@2@PEAV32@@Z
?addPass@BaseBuilder@asmjit@@QEAAIPEAVPass@2@@Z
?addRet@BaseCompiler@asmjit@@QEAAPEAVFuncRetNode@2@AEBUOperand_@2@0@Z
?align@Assembler@x86@asmjit@@UEAAIII@Z
?align@BaseBuilder@asmjit@@UEAAIII@Z
?alloc@JitAllocator@asmjit@@QEAAIPEAPEAX0_K@Z
?alloc@VirtMem@asmjit@@YAIPEAPEAX_KI@Z
?allocDualMapping@VirtMem@asmjit@@YAIPEAUDualMapping@12@_KI@Z
?allocZeroed@Zone@asmjit@@QEAAPEAX_K0@Z
?assertionFailed@DebugUtils@asmjit@@YAXPEBDH0@Z
?assignString@String@asmjit@@QEAAIPEBD_K@Z
?attach@CodeHolder@asmjit@@QEAAIPEAVBaseEmitter@2@@Z
?bind@BaseAssembler@asmjit@@UEAAIAEBVLabel@2@@Z
?bind@BaseBuilder@asmjit@@UEAAIAEBVLabel@2@@Z
?bindLabel@CodeHolder@asmjit@@QEAAIAEBVLabel@2@I_K@Z
?clear@String@asmjit@@QEAAIXZ
?clearEmitterOptions@CodeHolder@asmjit@@QEAAXI@Z
?codeSize@CodeHolder@asmjit@@QEBA_KXZ
?comment@BaseAssembler@asmjit@@UEAAIPEBD_K@Z
?comment@BaseBuilder@asmjit@@UEAAIPEBD_K@Z
?commentf@BaseEmitter@asmjit@@QEAAIPEBDZZ
?commentv@BaseEmitter@asmjit@@QEAAIPEBDPEAD@Z
?copyFlattenedData@CodeHolder@asmjit@@QEAAIPEAX_KI@Z
?copyFrom@ZoneBitVector@asmjit@@QEAAIPEAVZoneAllocator@2@AEBV12@@Z
?copySectionData@CodeHolder@asmjit@@QEAAIPEAX_KII@Z
?debugOutput@DebugUtils@asmjit@@YAXPEBD@Z
?deletePass@BaseBuilder@asmjit@@QEAAIPEAVPass@2@@Z
?detach@CodeHolder@asmjit@@QEAAIPEAVBaseEmitter@2@@Z
?dump@BaseBuilder@asmjit@@QEBAIAEAVString@2@I@Z
?dup@Zone@asmjit@@QEAAPEAXPEBX_K_N@Z
?embed@BaseAssembler@asmjit@@UEAAIPEBXI@Z
?embed@BaseBuilder@asmjit@@UEAAIPEBXI@Z
?embedConstPool@BaseAssembler@asmjit@@UEAAIAEBVLabel@2@AEBVConstPool@2@@Z
?embedConstPool@BaseBuilder@asmjit@@UEAAIAEBVLabel@2@AEBVConstPool@2@@Z
?embedLabel@BaseAssembler@asmjit@@UEAAIAEBVLabel@2@@Z
?embedLabel@BaseBuilder@asmjit@@UEAAIAEBVLabel@2@@Z
?embedLabelDelta@BaseAssembler@asmjit@@UEAAIAEBVLabel@2@0I@Z
?embedLabelDelta@BaseBuilder@asmjit@@UEAAIAEBVLabel@2@0I@Z
?emitArgsAssignment@BaseEmitter@asmjit@@QEAAIAEBVFuncFrame@2@AEBVFuncArgsAssignment@2@@Z
?emitEpilog@BaseEmitter@asmjit@@QEAAIAEBVFuncFrame@2@@Z
?emitProlog@BaseEmitter@asmjit@@QEAAIAEBVFuncFrame@2@@Z
?endFunc@BaseCompiler@asmjit@@QEAAIXZ
?ensureAddressTableSection@CodeHolder@asmjit@@QEAAPEAVSection@2@XZ
?eq@String@asmjit@@QEBA_NPEBD_K@Z
?errorAsString@DebugUtils@asmjit@@YAPEBDI@Z
?fill@ConstPool@asmjit@@QEBAXPEAX@Z
?finalize@BaseEmitter@asmjit@@UEAAIXZ
?finalize@Builder@x86@asmjit@@UEAAIXZ
?finalize@Compiler@x86@asmjit@@UEAAIXZ
?finalize@FuncFrame@asmjit@@QEAAIXZ
?flatten@CodeHolder@asmjit@@QEAAIXZ
?flush@JitRuntime@asmjit@@UEAAXPEBX_K@Z
?formatInstruction@Logging@asmjit@@SAIAEAVString@2@IPEBVBaseEmitter@2@IAEBVBaseInst@2@PEBUOperand_@2@I@Z
?formatLabel@Logging@asmjit@@SAIAEAVString@2@IPEBVBaseEmitter@2@I@Z
?formatNode@Logging@asmjit@@SAIAEAVString@2@IPEBVBaseBuilder@2@PEBVBaseNode@2@@Z
?formatOperand@Logging@asmjit@@SAIAEAVString@2@IPEBVBaseEmitter@2@IAEBUOperand_@2@@Z
?formatRegister@Logging@asmjit@@SAIAEAVString@2@IPEBVBaseEmitter@2@III@Z
?formatTypeId@Logging@asmjit@@SAIAEAVString@2@I@Z
?getTickCount@OSUtils@asmjit@@YAIXZ
?growBuffer@CodeHolder@asmjit@@QEAAIPEAUCodeBuffer@2@_K@Z
?host@CpuInfo@asmjit@@SAAEBV12@XZ
?info@VirtMem@asmjit@@YA?AUInfo@12@XZ
?init@ArchInfo@asmjit@@QEAAXII@Z
?init@CallConv@asmjit@@QEAAII@Z
?init@CodeHolder@asmjit@@QEAAIAEBVCodeInfo@2@@Z
?init@FuncDetail@asmjit@@QEAAIAEBUFuncSignature@2@@Z
?init@FuncFrame@asmjit@@QEAAIAEBVFuncDetail@2@@Z
?instIdToString@InstAPI@asmjit@@YAIIIAEAVString@2@@Z
?isLabelValid@BaseEmitter@asmjit@@QEBA_NI@Z
?labelByName@BaseEmitter@asmjit@@QEAA?AVLabel@2@PEBD_KI@Z
?labelIdByName@CodeHolder@asmjit@@QEAAIPEBD_KI@Z
?labelNodeOf@BaseBuilder@asmjit@@QEAAIPEAPEAVLabelNode@2@I@Z
?logBinary@Logger@asmjit@@QEAAIPEBX_K@Z
?logf@Logger@asmjit@@QEAAIPEBDZZ
?logv@Logger@asmjit@@QEAAIPEBDPEAD@Z
?newAlignNode@BaseBuilder@asmjit@@QEAAPEAVAlignNode@2@II@Z
?newCall@BaseCompiler@asmjit@@QEAAPEAVFuncCallNode@2@IAEBUOperand_@2@AEBUFuncSignature@2@@Z
?newCommentNode@BaseBuilder@asmjit@@QEAAPEAVCommentNode@2@PEBD_K@Z
?newConstPoolNode@BaseBuilder@asmjit@@QEAAPEAVConstPoolNode@2@XZ
?newEmbedDataNode@BaseBuilder@asmjit@@QEAAPEAVEmbedDataNode@2@PEBXI@Z
?newFunc@BaseCompiler@asmjit@@QEAAPEAVFuncNode@2@AEBUFuncSignature@2@@Z
?newInstNode@BaseBuilder@asmjit@@QEAAPEAVInstNode@2@IIAEBUOperand_@2@000@Z
?newInstNode@BaseBuilder@asmjit@@QEAAPEAVInstNode@2@IIAEBUOperand_@2@00@Z
?newInstNode@BaseBuilder@asmjit@@QEAAPEAVInstNode@2@IIAEBUOperand_@2@0@Z
?newInstNode@BaseBuilder@asmjit@@QEAAPEAVInstNode@2@IIAEBUOperand_@2@@Z
?newInstNodeRaw@BaseBuilder@asmjit@@QEAAPEAVInstNode@2@III@Z
?newLabel@BaseAssembler@asmjit@@UEAA?AVLabel@2@XZ
?newLabel@BaseBuilder@asmjit@@UEAA?AVLabel@2@XZ
?newLabelEntry@CodeHolder@asmjit@@QEAAIPEAPEAVLabelEntry@2@@Z
?newLabelLink@CodeHolder@asmjit@@QEAAPEAULabelLink@2@PEAVLabelEntry@2@I_K_J@Z
?newLabelNode@BaseBuilder@asmjit@@QEAAPEAVLabelNode@2@XZ
?newNamedLabel@BaseAssembler@asmjit@@UEAA?AVLabel@2@PEBD_KII@Z
?newNamedLabel@BaseBuilder@asmjit@@UEAA?AVLabel@2@PEBD_KII@Z
?newNamedLabelEntry@CodeHolder@asmjit@@QEAAIPEAPEAVLabelEntry@2@PEBD_KII@Z
?newRelocEntry@CodeHolder@asmjit@@QEAAIPEAPEAURelocEntry@2@II@Z
?newRet@BaseCompiler@asmjit@@QEAAPEAVFuncRetNode@2@AEBUOperand_@2@0@Z
?newSection@CodeHolder@asmjit@@QEAAIPEAPEAVSection@2@PEBD_KII@Z
?newVirtReg@BaseCompiler@asmjit@@QEAAPEAVVirtReg@2@IIPEBD@Z
?next@AsmTokenizer@asmtk@@QEAAIPEAUAsmToken@2@I@Z
?nextToken@AsmParser@asmtk@@QEAAIPEAUAsmToken@2@I@Z
?onAttach@Assembler@x86@asmjit@@UEAAIPEAVCodeHolder@3@@Z
?onAttach@BaseAssembler@asmjit@@UEAAIPEAVCodeHolder@2@@Z
?onAttach@BaseBuilder@asmjit@@UEAAIPEAVCodeHolder@2@@Z
?onAttach@BaseCompiler@asmjit@@UEAAIPEAVCodeHolder@2@@Z
?onAttach@Builder@x86@asmjit@@UEAAIPEAVCodeHolder@3@@Z
?onAttach@Compiler@x86@asmjit@@UEAAIPEAVCodeHolder@3@@Z
?onDetach@Assembler@x86@asmjit@@UEAAIPEAVCodeHolder@3@@Z
?onDetach@BaseAssembler@asmjit@@UEAAIPEAVCodeHolder@2@@Z
?onDetach@BaseBuilder@asmjit@@UEAAIPEAVCodeHolder@2@@Z
?onDetach@BaseCompiler@asmjit@@UEAAIPEAVCodeHolder@2@@Z
?onUpdateGlobalInstOptions@BaseEmitter@asmjit@@QEAAXXZ
?opData@x86@asmjit@@3UOpData@12@B
?padEnd@String@asmjit@@QEAAI_KD@Z
?parse@AsmParser@asmtk@@QEAAIPEBD_K@Z
?parseCommand@AsmParser@asmtk@@QEAAIXZ
?passByName@BaseBuilder@asmjit@@QEBAPEAVPass@2@PEBD@Z
?prepare@String@asmjit@@QEAAPEADI_K@Z
?protect@VirtMem@asmjit@@YAIPEAX_KI@Z
?putTokenBack@AsmParser@asmtk@@QEAAXPEAUAsmToken@2@@Z
?queryFeatures@InstAPI@asmjit@@YAIIAEBVBaseInst@2@PEBUOperand_@2@IAEAVBaseFeatures@2@@Z
?queryRWInfo@InstAPI@asmjit@@YAIIAEBVBaseInst@2@PEBUOperand_@2@IAEAUInstRWInfo@2@@Z
?registerLabelNode@BaseBuilder@asmjit@@QEAAIPEAVLabelNode@2@@Z
?release@JitAllocator@asmjit@@QEAAIPEAX@Z
?release@VirtMem@asmjit@@YAIPEAX_K@Z
?releaseDualMapping@VirtMem@asmjit@@YAIPEAUDualMapping@12@_K@Z
?relocateToBase@CodeHolder@asmjit@@QEAAI_K@Z
?removeNode@BaseBuilder@asmjit@@QEAAPEAVBaseNode@2@PEAV32@@Z
?removeNodes@BaseBuilder@asmjit@@QEAAXPEAVBaseNode@2@0@Z
?rename@BaseCompiler@asmjit@@QEAAXAEBVBaseReg@2@PEBDZZ
?reportError@BaseEmitter@asmjit@@QEAAIIPEBD@Z
?reserveBuffer@CodeHolder@asmjit@@QEAAIPEAUCodeBuffer@2@_K@Z
?reset@CodeHolder@asmjit@@QEAAXI@Z
?reset@ConstPool@asmjit@@QEAAXPEAVZone@2@@Z
?reset@JitAllocator@asmjit@@QEAAXI@Z
?reset@String@asmjit@@QEAAIXZ
?reset@Zone@asmjit@@QEAAXI@Z
?reset@ZoneAllocator@asmjit@@QEAAXPEAVZone@2@@Z
?resolveUnresolvedLinks@CodeHolder@asmjit@@QEAAIXZ
?run@FuncPass@asmjit@@UEAAIPEAVZone@2@PEAVLogger@2@@Z
?runPasses@BaseBuilder@asmjit@@QEAAIXZ
?section@BaseAssembler@asmjit@@UEAAIPEAVSection@2@@Z
?section@BaseBuilder@asmjit@@UEAAIPEAVSection@2@@Z
?sectionByName@CodeHolder@asmjit@@QEBAPEAVSection@2@PEBD_K@Z
?sectionNodeOf@BaseBuilder@asmjit@@QEAAIPEAPEAVSectionNode@2@I@Z
?serialize@BaseBuilder@asmjit@@QEAAIPEAVBaseEmitter@2@@Z
?setArg@BaseCompiler@asmjit@@QEAAIIAEBVBaseReg@2@@Z
?setCursor@BaseBuilder@asmjit@@QEAAPEAVBaseNode@2@PEAV32@@Z
?setLogger@CodeHolder@asmjit@@QEAAXPEAVLogger@2@@Z
?setOffset@BaseAssembler@asmjit@@QEAAI_K@Z
?sformat@Zone@asmjit@@QEAAPEADPEBDZZ
?shrink@JitAllocator@asmjit@@QEAAIPEAX_K@Z
?statistics@JitAllocator@asmjit@@QEBA?AUStatistics@12@XZ
?stringToInstId@InstAPI@asmjit@@YAIIPEBD_K@Z
?truncate@String@asmjit@@QEAAI_K@Z
?typeIdToRegInfo@ArchUtils@asmjit@@SAIIAEAIAEAURegInfo@2@@Z
?updateFuncFrame@FuncArgsAssignment@asmjit@@QEBAIAEAVFuncFrame@2@@Z
?updateSectionLinks@BaseBuilder@asmjit@@QEAAXXZ
?validate@InstAPI@asmjit@@YAIIAEBVBaseInst@2@PEBUOperand_@2@I@Z

Sections

Size: 276KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 73KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 14KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 276KB - Virtual size: 580KB

Size: 73KB - Virtual size: 185KB

Size: 1KB - Virtual size: 19KB

Size: 14KB - Virtual size: 23KB

Size: 512B - Virtual size: 500B

Size: 2KB - Virtual size: 3KB

.edata Size: 15KB - Virtual size: 15KB

.idata Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 5.9MB

.boot Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 16B - Virtual size: 4KB

.edata
Size: 15KB - Virtual size: 15KB

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 5.9MB

.boot
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 16B - Virtual size: 4KB