f81d611c07b2b20fcb75b82580159bc4aaeac6ade42ba3d4a456b175cd03f855

Sharing

Copy URL

Twitter E-mail

General

Target

f81d611c07b2b20fcb75b82580159bc4aaeac6ade42ba3d4a456b175cd03f855
Size

2.2MB
MD5

58d8eb5fb823c47e4dd8e2017dee9f79
SHA1

94b2ebe22236776767cba123270f195c10c1aceb
SHA256

f81d611c07b2b20fcb75b82580159bc4aaeac6ade42ba3d4a456b175cd03f855
SHA512

3a6957126eb355d2e5f883f634db12c10d88d9f0fcaf797f18d059ebbce3e3d482aa22f43dbacf59c15aaf1dc1ec278eb699387b3027eb08c6315a4a0d90ede6
SSDEEP

49152:hclG+WNa5KP830dfBbH2S1EKs9tEYWg0HI8f7PSPdKstMy:hclRWNr03MfBr2p9tYg0/LCdKst

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f81d611c07b2b20fcb75b82580159bc4aaeac6ade42ba3d4a456b175cd03f855

Files

f81d611c07b2b20fcb75b82580159bc4aaeac6ade42ba3d4a456b175cd03f855
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0PythonCoreRunner@@IAE@XZ
??0PythonCoreRunner@@QAE@ABV0@@Z
??1PythonCoreRunner@@UAE@XZ
??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z
??4CTimestampUtil@@QAEAAV0@ABV0@@Z
??4PythonCoreRunner@@QAEAAV0@ABV0@@Z
??_7PythonCoreRunner@@6B@
?ExecuteScript@PythonCoreRunner@@QAE_NV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4eLogLevel@@@Z
?GetDataPath@PythonCoreRunner@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?GetEssentialStuff@PythonCoreRunner@@QAEXPAPAUIBaseLink@@PAPAUIPhone@@PAPAUIUserInteraction@@PAPAUIDumperTargetCallback@@PAPAVCModuleInfo@@@Z
?GetGlobalVal@PythonCoreRunner@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V23@@Z
?GetInstance@PythonCoreRunner@@SAPAV1@XZ
?GetLastErrorStringId@PythonCoreRunner@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?GetLibsDirectory@PythonCoreRunner@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?GetLibsPath@PythonCoreRunner@@QAEPADXZ
?InitPython@PythonCoreRunner@@QAE_NXZ
?IsWindowsDebuggerPresent@PythonCoreRunner@@SAHXZ
?PtrPython@PythonCoreRunner@@2PAV1@A
?RunScript@PythonCoreRunner@@AAEHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?SetEssentialStuff@PythonCoreRunner@@QAEXAAUIBaseLink@@AAUIPhone@@AAUIUserInteraction@@AAVCModuleInfo@@@Z
?SetTarget@PythonCoreRunner@@QAEXPAUIDumperTargetCallback@@@Z
?_lastErrorStringId@PythonCoreRunner@@2V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@A
?printToXtrace@@YAXPBD@Z
?printToXtrace@@YAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
CreateObject
CreateObjectExt

Sections

Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 11KB - Virtual size: 22KB

Size: 3KB - Virtual size: 10KB

Size: 512B - Virtual size: 1KB

Size: 1024B - Virtual size: 1KB

Size: 1KB - Virtual size: 1KB

.edata Size: 2KB - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 3.5MB

.boot Size: 2.2MB - Virtual size: 2.2MB

.edata
Size: 2KB - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 3.5MB

.boot
Size: 2.2MB - Virtual size: 2.2MB