1a4256a0c5a0ffe88d07d41d05b44022840bf104a4f3a1593f4d8c5041fef6b0

Sharing

Copy URL Twitter E-mail

General

Target

1a4256a0c5a0ffe88d07d41d05b44022840bf104a4f3a1593f4d8c5041fef6b0
Size

2.5MB
MD5

3199ec0248f3af2377322acd41b004da
SHA1

a9fa23cda39b9d6303107afb0a2aa1a2a48bc6b5
SHA256

1a4256a0c5a0ffe88d07d41d05b44022840bf104a4f3a1593f4d8c5041fef6b0
SHA512

b5ab6c3333666f17fb6c12f71165796af598414fe9f003e735c22032e18c989f10ba29ecf24e7371163cf4f2219b6643d6e498f61a6ca012edc8d04fe539b33e
SSDEEP

49152:yWzvR2RpB5XiCecsrT5rgBHPmItEXsKtjqEwdL6EGB20TsmECMYq:tyZiCe/rTqBNtG70drGB5wmmYq

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a4256a0c5a0ffe88d07d41d05b44022840bf104a4f3a1593f4d8c5041fef6b0

Files

1a4256a0c5a0ffe88d07d41d05b44022840bf104a4f3a1593f4d8c5041fef6b0
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z
??4CTimestampUtil@@QAEAAV0@ABV0@@Z
?Clear@CMnmExtractionFsReadResponse@@QAEXXZ
?Clear@CMnmExtractionMdReadResponse@@QAEXXZ
?Clear@CMnmExtractionReadResponse@@QAEXXZ
?Clear@CMnmLogResponse@@QAEXXZ
?Clear@CMnmNARExtractionReadMetadataResponse@@QAEXXZ
?CreateMnmClient@@YGPAVIMnmClient@@PAVIMnmLink@@0@Z
?GetAdvertisingIdentifier@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetArchitecture@CMnmGetPlatformInfoResponse@@QBE_KXZ
?GetAttemptCount@CMnmBruteforceGetStatusResponse@@QBE_KXZ
?GetAttemptDetails@CMnmBruteforceGetStatusResponse@@QBE?AVCBruteforceStatusAttemptDetails@1@XZ
?GetBatteryLevel@CMnmGetPlatformInfoResponse@@QBENXZ
?GetCanBruteforce@CMnmGetLockInfoResponse@@QBE_NXZ
?GetCanUnlock@CMnmGetLockInfoResponse@@QBE_NXZ
?GetClassKeys@CMnmGetLockInfoResponse@@QBE?AV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@DV?$allocator@D@std@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@DV?$allocator@D@std@@@2@@std@@@2@@std@@XZ
?GetClassKeys@CMnmKeyChainClassKeysResponse@@QBE?AV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@DV?$allocator@D@std@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@DV?$allocator@D@std@@@2@@std@@@2@@std@@XZ
?GetCompiledTime@CMnmGetVersionResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetContinue@CMnmExtractionMdReadResponse@@QBE_NXZ
?GetCorrectPasscode@CMnmBruteforceGetStatusResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetCorrectPasscode@CMnmGetPersistentDataResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetCorrectPasscodeExists@CMnmBruteforceGetStatusResponse@@QBE_NXZ
?GetCorrectPasscodeExists@CMnmGetPersistentDataResponse@@QBE_NXZ
?GetCount@CMnmExtractionMdReadResponse@@QBE_KXZ
?GetCount@CMnmNARExtractionReadMetadataResponse@@QBE_KXZ
?GetDIMEI@CMnmBruteforceGetHintsResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetData@CMnmExtractionFsReadResponse@@QBEABV?$vector@DV?$allocator@D@std@@@std@@XZ
?GetData@CMnmExtractionTestResponse@@QBE?AV?$vector@DV?$allocator@D@std@@@std@@XZ
?GetData@CMnmKeyChainResponse@@QBE?AV?$vector@DV?$allocator@D@std@@@std@@XZ
?GetData@CMnmNARExtractionReadMetadataResponse@@QBEABV?$list@UNarMetadataStruct@@V?$allocator@UNarMetadataStruct@@@std@@@std@@XZ
?GetDeviceUserName@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetDictDetails@CMnmBruteforceGetStatusResponse@@QBE?AVCBruteforceStatusDictDetails@1@XZ
?GetDiskUsage@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetEcid@CMnmGetPlatformInfoResponse@@QBE_KXZ
?GetEncryptedLog@CMnmLogResponse@@QBEABV?$vector@DV?$allocator@D@std@@@std@@XZ
?GetError@CMnmExtractionFsReadResponse@@QBEABV?$vector@DV?$allocator@D@std@@@std@@XZ
?GetExtractionProgress@CMnmOtpResponse@@QBENXZ
?GetExtractionStatus@CMnmExtractionStatusResponse@@QBE?AW4EExtractionStatus@1@XZ
?GetExtractionStatusAsString@CMnmExtractionStatusResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetExtractionType@CMnmExtractionStatusResponse@@QBE?AW4EExtractionType@1@XZ
?GetGoldilocksState@CMnmGetLockInfoResponse@@QBE?AW4EGoldilocksState@1@XZ
?GetGoldilocksStateString@CMnmGetLockInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetHasRomBpr@CMnmGetPlatformInfoResponse@@QBE_NXZ
?GetICCID@CMnmBruteforceGetHintsResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetIMEI@CMnmBruteforceGetHintsResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetIccid@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetImei@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetInProgress@CMnmBruteforceGetStatusResponse@@QBE_KXZ
?GetIsDeviceUnlockedSinceBoot@CMnmIsDeviceUnlockedSinceBootResponse@@QBE_NXZ
?GetIsExtractionInProgress@CMnmOtpResponse@@QBE_NXZ
?GetIsFinished@CMnmNARExtractionReadMetadataResponse@@QBE_NXZ
?GetIsInstalled@CMnmInstallationStatusResponse@@QBE_NXZ
?GetIsLogEncrypted@CMnmLogResponse@@QBE_NXZ
?GetIsPasscodeProtected@CMnmIsPasscodeProtectedResponse@@QBE_NXZ
?GetKeybagDetails@CMnmGetLockInfoResponse@@QBE?AVCLockInfoKeybagDetails@1@XZ
?GetLastAttemptedIndex@CMnmGetPersistentDataResponse@@QBE_KXZ
?GetLastDictionaryUniqueId@CMnmGetPersistentDataResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetLockers@CMnmGetLockInfoResponse@@QBE?AV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@DV?$allocator@D@std@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@DV?$allocator@D@std@@@2@@std@@@2@@std@@XZ
?GetLog@CMnmLogResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetLogicalErrorId@CMnmResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetMSISDN@CMnmBruteforceGetHintsResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetMailAccounts@CMnmBruteforceGetHintsResponse@@QBEABV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?GetMarketingName@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetMnmFlavor@CMnmGetPlatformInfoResponse@@QBE?AW4EMnmFlavor@1@XZ
?GetMnmFlavorString@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetModel@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetModelFriendlyName@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetOffset@CMnmExtractionFsReadResponse@@QBE_KXZ
?GetOsVersion@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetOtpData@CMnmOtpResponse@@QBEABV?$vector@DV?$allocator@D@std@@@std@@XZ
?GetPartitionType@CMnmExtractionMdReadResponse@@QBE?AW4EPartitionType@1@XZ
?GetPartitionType@CMnmExtractionStatusResponse@@QBE?AW4EPartitionType@1@XZ
?GetPasscodeType@CMnmGetLockInfoResponse@@QBE?AW4EPasscodeType@1@XZ
?GetPasscodeTypeString@CMnmGetLockInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetPort@CMnmNARExtractionStartSessionResponse@@QBE_KXZ
?GetRamDiskVersion@CMnmGetPlatformInfoResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetSegmentDetails@CMnmBruteforceGetStatusResponse@@QBE?AVCBruteforceStatusSegmentDetails@1@XZ
?GetSeshatDetails@CMnmGetLockInfoResponse@@QBE?AVCLockInfoSeshatDetails@1@XZ
?GetSessionId@CMnmNARExtractionStartSessionResponse@@QBE_KXZ
?GetSessionStatus@CMnmNARExtractionSessionStatusResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetSlowBruteforce@CMnmGetLockInfoResponse@@QBE_NXZ
?GetStartedIndex@CMnmBruteforceGetStatusResponse@@QBE_KXZ
?GetTotal@CMnmExtractionReadResponse@@QBE_KXZ
?GetTree@CMnmExtractionMdReadResponse@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetVersion@CMnmGetVersionResponse@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?HasLogicalError@CMnmResponse@@QBE_NXZ
?IsBruteforceInProgress@CMnmBruteforceGetStatusResponse@@QBE_NXZ

Sections

Size: 45KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 9KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 45KB - Virtual size: 141KB

Size: 9KB - Virtual size: 36KB

Size: 512B - Virtual size: 2KB

Size: 1024B - Virtual size: 1KB

Size: 6KB - Virtual size: 7KB

.edata Size: 9KB - Virtual size: 9KB

.idata Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 3.7MB

.boot Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 16B - Virtual size: 4KB

.edata
Size: 9KB - Virtual size: 9KB

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 3.7MB

.boot
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 16B - Virtual size: 4KB