API[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

API.dll
Size

3.9MB
MD5

145eb48c8559a3202c05720a9edad2f8
SHA1

f9d172556500b39281a1959ff2fd38e883317095
SHA256

28c765378fb99867c0d3cd6ffef5ad704b67610b153bdb91cd92711afe9d6152
SHA512

d3fae6f748e7a8cdca51d66fc3fed848943191bc825ed0835656bd0232668aa8373d5b89e104b5c50d4f3759ef2cf94b9f30f5d52c6d8ee858c7c91953c5377b
SSDEEP

98304:ffLM8o5GJ2H/5xGqRkm6w8fg2z9myOmV8CKb9ia5p:ffLg5GJ6bGCH6u2VFMEaD

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
API.dll

Files

API.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

RBXCompile
RBXDecompress
RBXRawCompile
Setup

Sections

Size: 440KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 67KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 23KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 440KB - Virtual size: 1.1MB

Size: 67KB - Virtual size: 195KB

Size: 2KB - Virtual size: 48KB

Size: 23KB - Virtual size: 38KB

Size: 512B - Virtual size: 248B

Size: 2KB - Virtual size: 5KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 5.9MB

.boot Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 16B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 5.9MB

.boot
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 16B - Virtual size: 4KB