FEXPOR~1[.]DLL

Sharing

Copy URL Twitter E-mail

General

Target

FEXPOR~1.DLL
Size

5.0MB
MD5

d12decd912442f0e598513502755caba
SHA1

a5f4beaf471984ae1cff64520060ccd723a51f02
SHA256

236b88ceebe7a31e7da40127c91f674e6a8662711fe68d84d7df199b07c03b30
SHA512

b1755c8660c96449e7f06df5724af304d0bbbdfc0f953adf23f75aeceb01712359cf733b4b48cdaf7316007c1a9281616ccff2efe4d3f43762fa3ca0362c53bd
SSDEEP

98304:XVmi2cErmrF4B0oTDxV8zLixktNb9B6xuytl8v7Rm7i53SCDHhxEKu:oi7Er4F4B0oRqOcJ0pcv78OCooKu

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FEXPOR~1.DLL

Files

FEXPOR~1.DLL
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

??0?$FFLazySingleton@VFExportPresetManager@@@@IEAA@XZ
??0FExportPresetHelper@@QEAA@AEBV0@@Z
??0FExportPresetHelper@@QEAA@W4FormatType@@@Z
??0FExportPresetHelper@@QEAA@XZ
??0FExportPresetManager@@QEAA@XZ
??0IFSmartEditExport@@QEAA@PEAVQWidget@@@Z
??1?$FFLazySingleton@VFExportPresetManager@@@@MEAA@XZ
??1FExportPresetHelper@@QEAA@XZ
??1FExportPresetManager@@UEAA@XZ
??1IFSmartEditExport@@UEAA@XZ
??4FExportPresetHelper@@QEAAAEAV0@AEBV0@@Z
??_7?$FFLazySingleton@VFExportPresetManager@@@@6B@
??_7FExportPresetManager@@6B?$FFLazySingleton@VFExportPresetManager@@@@@
??_7FExportPresetManager@@6BIFFProjectManagerEventObserver@@@
??_7IFSmartEditExport@@6BQObject@@@
??_7IFSmartEditExport@@6BQPaintDevice@@@
?ConnectSignals@IFSmartEditExport@@AEAAXXZ
?CreateUI@IFSmartEditExport@@AEAAXXZ
?ExportToLocal@IFSmartEditExport@@QEAA_NXZ
?GetFormatFileDirectory@FExportPresetHelper@@AEAA?AVQString@@XZ
?GetPresetJsonDirectory@FExportPresetHelper@@AEAA?AVQString@@XZ
?OpenXmlFile@FExportPresetHelper@@AEAA_NAEAVQDomDocument@@VQString@@@Z
?RetranslateUi@IFSmartEditExport@@MEAAXXZ
?SetExportConfig@IFSmartEditExport@@QEAAXAEBVQVariant@@@Z
?SetTimeline@IFSmartEditExport@@QEAAXPEBVIFFTimeline@@@Z
?StopExportToLocal@IFSmartEditExport@@QEAA_NXZ
?addPresetInfoItem@FExportPresetHelper@@QEAAXVQString@@UPresetValue@@@Z
?attachManager@?$FFLazySingleton@VFExportPresetManager@@@@MEBA_NXZ
?closeEvent@IFSmartEditExport@@MEAAXPEAVQCloseEvent@@@Z
?deletePresetInfoItem@FExportPresetHelper@@QEAAXVQString@@0@Z
?destory@?$FFLazySingleton@VFExportPresetManager@@@@MEAAXXZ
?doTranslate@IFSmartEditExport@@AEAAXXZ
?getAllPresetInfos@FExportPresetHelper@@AEAAXXZ
?getAllPresetNames@FExportPresetHelper@@QEAAXAEBVQString@@AEAVQStringList@@@Z
?getCurrentDefaultIndex@FExportPresetHelper@@QEAAHVQString@@0@Z
?getFormatFileName@FExportPresetHelper@@AEAA?AVQString@@XZ
?getPresetHelper@FExportPresetManager@@QEAAPEAVFExportPresetHelper@@W4FormatType@@@Z
?getPresetInfoFromJson@FExportPresetHelper@@AEAAXAEAUPresetInfos@@@Z
?getPresetValue@FExportPresetHelper@@QEAA?AUPresetValue@@W4PresetType@@VQString@@1@Z
?init@FExportPresetManager@@AEAAXXZ
?initPresetInfos@FExportPresetHelper@@AEAAXAEAUPresetInfos@@@Z
?instance@?$FFLazySingleton@VFExportPresetManager@@@@SAPEAVFExportPresetManager@@XZ
?isActive@?$FFLazySingleton@VFExportPresetManager@@@@SA_NXZ
?isPresetNameRepeat@FExportPresetHelper@@QEAA_NVQString@@0@Z
?m_oMutex@?$FFLazySingleton@VFExportPresetManager@@@@0VQMutex@@A
?m_pInstance@?$FFLazySingleton@VFExportPresetManager@@@@0PEAVFExportPresetManager@@EA
?metaObject@IFSmartEditExport@@UEBAPEBUQMetaObject@@XZ
?onBeforeActiveProjectChangeEvent@FExportPresetManager@@UEAAXXZ
?overWritePresetInfoItem@FExportPresetHelper@@QEAAXVQString@@UPresetValue@@@Z
?presetIsModify@FExportPresetHelper@@AEAAXXZ
?projectParamModified@FExportPresetManager@@QEAAXXZ
?qt_metacall@IFSmartEditExport@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@IFSmartEditExport@@UEAAPEAXPEBD@Z
?qt_static_metacall@IFSmartEditExport@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z
?reject@IFSmartEditExport@@MEAAXXZ
?release@?$FFLazySingleton@VFExportPresetManager@@@@SAXXZ
?resetFirstOpenDefault@FExportPresetHelper@@QEAAXXZ
?resetFirstOpenPresetNameToDefault@FExportPresetHelper@@QEAAXXZ
?saveAllPresetInfos@FExportPresetHelper@@AEAAXXZ
?setPresetValue@FExportPresetHelper@@QEAAXW4PresetType@@VQString@@UPresetValue@@@Z
?staticMetaObject@IFSmartEditExport@@2UQMetaObject@@B
?tr@IFSmartEditExport@@SA?AVQString@@PEBD0H@Z
?trUtf8@IFSmartEditExport@@SA?AVQString@@PEBD0H@Z
?updateFormatData@FExportPresetHelper@@AEAAXAEAUPresetInfos@@@Z
exportShowGuideTimeline
exportTemplateTimeline
exportTimeline

Sections

Size: 314KB - Virtual size: 921KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 473KB - Virtual size: 805KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 29KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 29KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.exports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 314KB - Virtual size: 921KB

Size: 473KB - Virtual size: 805KB

Size: 2KB - Virtual size: 14KB

Size: 29KB - Virtual size: 47KB

Size: 29KB - Virtual size: 173KB

Size: 2KB - Virtual size: 11KB

.exports Size: 4KB - Virtual size: 4KB

.imports Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 174KB - Virtual size: 174KB

.themida Size: - Virtual size: 6.6MB

.boot Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 16B - Virtual size: 4KB

.exports
Size: 4KB - Virtual size: 4KB

.imports
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 174KB - Virtual size: 174KB

.themida
Size: - Virtual size: 6.6MB

.boot
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 16B - Virtual size: 4KB