6fec369ec53bcc32f85e41bcdf0dbe25d6d267581ec14e62ab1c5f0adac24d31

Sharing

Copy URL Twitter E-mail

General

Target

6fec369ec53bcc32f85e41bcdf0dbe25d6d267581ec14e62ab1c5f0adac24d31
Size

2.7MB
MD5

f59b8575eee8649e0c363cf9330fb9d2
SHA1

c210a9651f262826d8c083d0ad3f5a0a4d8fe2d5
SHA256

6fec369ec53bcc32f85e41bcdf0dbe25d6d267581ec14e62ab1c5f0adac24d31
SHA512

41a1d09eec653faff5da2ec95abc22bab05b942f141a6a8fa24dd912795533ce7b9af843f04b572d1748f9f15568e5b30886677a71c538d0ae92ae8a28be8039
SSDEEP

49152:a31GBoc1kolRTxN0VvV1RB48jMfrzZGwCVm/50Zkzyk/0hof:c1GBocnluv901fp/50a7

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fec369ec53bcc32f85e41bcdf0dbe25d6d267581ec14e62ab1c5f0adac24d31

Files

6fec369ec53bcc32f85e41bcdf0dbe25d6d267581ec14e62ab1c5f0adac24d31
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0Analayzer@@QAE@ABV0@@Z
??0CFileRead@@QAE@ABV0@@Z
??0CFileRead@@QAE@PBGI@Z
??0CFileWrite@@QAE@ABV0@@Z
??0CFileWrite@@QAE@PBG0I@Z
??0CFileWrite@@QAE@PBGI@Z
??0CsvFile@@QAE@ABV0@@Z
??0FridaCoreEprProivder@@QAE@$$QAV0@@Z
??0FridaScriptResult@@QAE@$$QAU0@@Z
??0FridaScriptResult@@QAE@ABU0@@Z
??0FridaScriptResult@@QAE@XZ
??0FridaTarget@@QAE@$$QAU0@@Z
??0FridaTarget@@QAE@ABU0@@Z
??0FridaTarget@@QAE@XZ
??0IDumpLister@@QAE@$$QAV0@@Z
??0IDumpLister@@QAE@ABV0@@Z
??0IDumpLister@@QAE@XZ
??0IFileRead@@QAE@ABV0@@Z
??0IFileRead@@QAE@XZ
??0IFridaCoreProivder@@QAE@ABV0@@Z
??0IFridaCoreProivder@@QAE@XZ
??0PythonClass@@QAE@ABV0@@Z
??0Regs@@QAE@ABV0@@Z
??0ResultHandler@@QAE@ABV0@@Z
??0SearchParams@@QAE@ABV0@@Z
??0Segment@@QAE@ABV0@@Z
??1Analayzer@@UAE@XZ
??1AndroidFridaCoreInterface@@UAE@XZ
??1CFileRead@@UAE@XZ
??1CFileWrite@@UAE@XZ
??1FridaCoreEprProivder@@UAE@XZ
??1FridaScriptResult@@QAE@XZ
??1FridaTarget@@QAE@XZ
??1IFileRead@@UAE@XZ
??1IFridaCoreDeviceInterface@@UAE@XZ
??1IFridaCoreProivder@@UAE@XZ
??1ResultHandler@@UAE@XZ
??1SearchParams@@UAE@XZ
??1Segment@@UAE@XZ
??4Analayzer@@QAEAAV0@ABV0@@Z
??4CFileRead@@QAEAAV0@ABV0@@Z
??4CFileWrite@@QAEAAV0@ABV0@@Z
??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z
??4CTimestampUtil@@QAEAAV0@ABV0@@Z
??4CsvFile@@QAEAAV0@ABV0@@Z
??4FridaCoreExecutor@@QAEAAV0@$$QAV0@@Z
??4FridaCoreExecutor@@QAEAAV0@ABV0@@Z
??4FridaTarget@@QAEAAU0@$$QAU0@@Z
??4FridaTarget@@QAEAAU0@ABU0@@Z
??4IDumpLister@@QAEAAV0@$$QAV0@@Z
??4IDumpLister@@QAEAAV0@ABV0@@Z
??4IFileRead@@QAEAAV0@ABV0@@Z
??4IFridaCoreProivder@@QAEAAV0@ABV0@@Z
??4PyInterpeter@@QAEAAV0@ABV0@@Z
??4PythonClass@@QAEAAV0@ABV0@@Z
??4Regs@@QAEAAV0@ABV0@@Z
??4ResultHandler@@QAEAAV0@ABV0@@Z
??4SearchParams@@QAEAAV0@ABV0@@Z
??4Segment@@QAEAAV0@ABV0@@Z
??_7Analayzer@@6B@
??_7CFileRead@@6B@
??_7CFileWrite@@6B@
??_7CsvFile@@6B@
??_7FridaCoreEprProivder@@6B@
??_7IDumpLister@@6B@
??_7IFileRead@@6B@
??_7IFridaCoreProivder@@6B@
??_7PythonClass@@6B@
??_7Regs@@6B@
??_7ResultHandler@@6B@
??_7SearchParams@@6B@
??_7Segment@@6B@
?Close@CFileRead@@QAEXXZ
?Close@CFileWrite@@QAE_NXZ
?CloseDumpListFile@CDumpListerFacade@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?FetchFileListFromAllIncludes@CDumpListerFacade@@UAE_NXZ
?FetchFilesList@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FetchMoreFilesAndDirsToLists@CDumpListerFacade@@UAE_NAAH0@Z
?FlushCachedData@CFileWrite@@QAE_NXZ
?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z
?GetNextPath@CDumpListerFacade@@UAE?AUPathInfo@IDumpLister@@XZ
?GetNumberOfFiles@CDumpListerFacade@@UAEIXZ
?GetStatusCountersVector@CDumpListerFacade@@UAE?AV?$vector@IV?$allocator@I@std@@@std@@XZ
?GetTempPathW@CDumpListerFacade@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetTotalFilesCount@CDumpListerFacade@@UAE_NAA_K@Z
?GetTotalFilesSize@CDumpListerFacade@@UAE_NAA_K@Z
?IsOpen@CFileRead@@UAE_NXZ
?IsReady@CFileWrite@@QAE_NXZ
?ListingEnded@CDumpListerFacade@@UAE_NXZ
?Open@CFileWrite@@QAE_NPBG_N@Z
?Pos64@CFileRead@@UAE_JXZ
?Pos@CFileRead@@QAEIXZ
?Read@CFileRead@@UAE_NPAEI@Z
?Rename@CFileWrite@@SA_NPBG0@Z
?ResetFilesAndDirsList@CDumpListerFacade@@UAEXXZ
?Seek@CFileRead@@QAE_NI@Z
?Seek@CFileWrite@@QAE_NI@Z
?SetApplicationMessageCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z
?SetApplicationMessageCallback@IDumpLister@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z
?SetFileMetaDataCallback@CDumpListerFacade@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z
?SetFileMetaDataCallback@IDumpLister@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z
?SetFileStatus@CDumpListerFacade@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4FileStatus@IDumpLister@@PAU_DWE_file_data@@PAUFileMetaData@5@@Z
?SetFolderList@CDumpListerFacade@@UAEXAAVCFoldersInfo@@@Z
?SetFolderList@IDumpLister@@UAEXAAVCFoldersInfo@@@Z
?SetFolderNotificationCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z
?SetFolderNotificationCallback@IDumpLister@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z
?SetPassword@AndroidDeviceDecrypt@@UAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetTarget@CDumpListerFacade@@UAEXPAUIDumperTargetCallback@@@Z
?SetTarget@IDumpLister@@UAEXPAUIDumperTargetCallback@@@Z
?Size64@CFileRead@@UAE_JXZ
?Size@CFileRead@@QAEIXZ
?StartFetchFilesAndDirectoriesLists@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N1@Z
?UpdateFilesCount@CDumpListerFacade@@UAE_NXZ
?Write@CFileWrite@@QAE_NPBEI@Z
?__autoclassinit2@CFileRead@@QAEXI@Z
?isFindSupported@CDumpListerFacade@@UAE_NXZ
?isFindSupported@IDumpLister@@UAE_NXZ
CreateObject

Sections

Size: 201KB - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 43KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 201KB - Virtual size: 526KB

Size: 43KB - Virtual size: 156KB

Size: 2KB - Virtual size: 10KB

Size: 1024B - Virtual size: 1KB

Size: 25KB - Virtual size: 34KB

.edata Size: 6KB - Virtual size: 6KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 3.7MB

.boot Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 16B - Virtual size: 4KB

.edata
Size: 6KB - Virtual size: 6KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 3.7MB

.boot
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 16B - Virtual size: 4KB