bd6fe297f86a6af935fe0735cb0e179e7e15da107e5920869aa56a5f077a28f8

Sharing

Copy URL Twitter E-mail

General

Target

bd6fe297f86a6af935fe0735cb0e179e7e15da107e5920869aa56a5f077a28f8
Size

2.2MB
MD5

4d1df5c86d7eefbfa7dfe26a2479fc82
SHA1

539e906506c71c3a91387fe29046eea1d45e1207
SHA256

bd6fe297f86a6af935fe0735cb0e179e7e15da107e5920869aa56a5f077a28f8
SHA512

7b9765765fe154cc888a1e34b93ca029bf0de0e4b9f4ef52fc68a5210bfced762ec9dd416b74f972e4fc5dab7c6380fd84b10ab307cd2d9daca8c5ea3edaba5c
SSDEEP

49152:BsF3k0r/Mm6r4C7A6SAPZFNbu/We/PcdFGZU1YwO7RXAwswy+XW:W+o/MhrFU6jbuOe/PcvfSRwGS

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd6fe297f86a6af935fe0735cb0e179e7e15da107e5920869aa56a5f077a28f8

Files

bd6fe297f86a6af935fe0735cb0e179e7e15da107e5920869aa56a5f077a28f8
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0CsvFile@@QAE@ABV0@@Z
??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z
??4CTimestampUtil@@QAEAAV0@ABV0@@Z
??4CsvFile@@QAEAAV0@ABV0@@Z
??_7CsvFile@@6B@
CreateObject
CreateObjectExt

Sections

Size: 29KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 29KB - Virtual size: 59KB

Size: 4KB - Virtual size: 17KB

Size: 512B - Virtual size: 1KB

Size: 1024B - Virtual size: 1KB

Size: 3KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 3.5MB

.boot Size: 2.1MB - Virtual size: 2.1MB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 3.5MB

.boot
Size: 2.1MB - Virtual size: 2.1MB