e361596d18738199ac2b5a4166c678216cf1a3755ff8773625b4f8df2a5eb713

Sharing

Copy URL Twitter E-mail

General

Target

e361596d18738199ac2b5a4166c678216cf1a3755ff8773625b4f8df2a5eb713
Size

2.6MB
MD5

6c7b631d8c79fda0615780fccbc6012f
SHA1

4d28e028e33c330f64ac26160e804046e83b3bbe
SHA256

e361596d18738199ac2b5a4166c678216cf1a3755ff8773625b4f8df2a5eb713
SHA512

d873fdf365c44141a01f60a40fb6b8f2da426b2cae19022f9e798e0b718121529b941b8391f31bbd76668da29437da55b0942807ee4d81871def4e3006cdce28
SSDEEP

49152:og0uym1xiRPLDtUKJ3nSTNgxtU49TXwAW7szHNo/n2+Lvf3fwC:dMFlU63NLTKAEspof2+Lvz

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e361596d18738199ac2b5a4166c678216cf1a3755ff8773625b4f8df2a5eb713

Files

e361596d18738199ac2b5a4166c678216cf1a3755ff8773625b4f8df2a5eb713
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0AndroidFridaCoreInterface@@QAE@V?$unique_ptr@VIFridaCoreProivder@@U?$default_delete@VIFridaCoreProivder@@@std@@@std@@AAVCLowLevel@@AAVAndroidDumper@@V?$unique_ptr@VIFridaCoreCommandHandler@@U?$default_delete@VIFridaCoreCommandHandler@@@std@@@2@@Z
??0CFileRead@@QAE@ABV0@@Z
??0CFileRead@@QAE@PBGI@Z
??0CFileWrite@@QAE@ABV0@@Z
??0CFileWrite@@QAE@PBG0I@Z
??0CFileWrite@@QAE@PBGI@Z
??0CTimestampUtil@@QAE@W4eEpoch@0@W4eTimeUnit@0@@Z
??0CsvFile@@QAE@ABV0@@Z
??0FridaCoreEprProivder@@QAE@$$QAV0@@Z
??0FridaScriptResult@@QAE@$$QAU0@@Z
??0FridaScriptResult@@QAE@ABU0@@Z
??0FridaScriptResult@@QAE@XZ
??0FridaTarget@@QAE@$$QAU0@@Z
??0FridaTarget@@QAE@ABU0@@Z
??0FridaTarget@@QAE@XZ
??0IDumpLister@@QAE@$$QAV0@@Z
??0IDumpLister@@QAE@ABV0@@Z
??0IDumpLister@@QAE@XZ
??0IFileRead@@QAE@ABV0@@Z
??0IFileRead@@QAE@XZ
??0IFridaCoreProivder@@QAE@ABV0@@Z
??0IFridaCoreProivder@@QAE@XZ
??1AndroidFridaCoreInterface@@UAE@XZ
??1CFileRead@@UAE@XZ
??1CFileWrite@@UAE@XZ
??1FridaCoreEprProivder@@UAE@XZ
??1FridaScriptResult@@QAE@XZ
??1FridaTarget@@QAE@XZ
??1IFileRead@@UAE@XZ
??1IFridaCoreDeviceInterface@@UAE@XZ
??1IFridaCoreProivder@@UAE@XZ
??4CFileRead@@QAEAAV0@ABV0@@Z
??4CFileWrite@@QAEAAV0@ABV0@@Z
??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z
??4CTimestampUtil@@QAEAAV0@ABV0@@Z
??4CsvFile@@QAEAAV0@ABV0@@Z
??4FridaCoreExecutor@@QAEAAV0@$$QAV0@@Z
??4FridaCoreExecutor@@QAEAAV0@ABV0@@Z
??4FridaTarget@@QAEAAU0@$$QAU0@@Z
??4FridaTarget@@QAEAAU0@ABU0@@Z
??4IDumpLister@@QAEAAV0@$$QAV0@@Z
??4IDumpLister@@QAEAAV0@ABV0@@Z
??4IFileRead@@QAEAAV0@ABV0@@Z
??4IFridaCoreProivder@@QAEAAV0@ABV0@@Z
??_7AndroidFridaCoreInterface@@6B@
??_7CFileRead@@6B@
??_7CFileWrite@@6B@
??_7CsvFile@@6B@
??_7FridaCoreEprProivder@@6B@
??_7IDumpLister@@6B@
??_7IFileRead@@6B@
??_7IFridaCoreProivder@@6B@
?CheckAndSetupAdb@AndroidFridaCoreInterface@@AAEXXZ
?CheckAndSetupDumper@AndroidFridaCoreInterface@@AAEXXZ
?Cleanup@AndroidFridaCoreInterface@@UAEXXZ
?Close@CFileRead@@QAEXXZ
?Close@CFileWrite@@QAE_NXZ
?CloseDumpListFile@CDumpListerFacade@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?CreateTimestamp@CTimestampUtil@@QAEX_KAAUSMS_struct_tag@@@Z
?CreateTimestamp@CTimestampUtil@@QAEX_KAAU_SYSTEMTIME@@@Z
?CreateTimestamp@CTimestampUtil@@QAEX_KAAUtm@@@Z
?DoesTargetPackageExists@AndroidFridaCoreInterface@@EAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FetchFileListFromAllIncludes@CDumpListerFacade@@UAE_NXZ
?FetchFilesList@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FetchMoreFilesAndDirsToLists@CDumpListerFacade@@UAE_NAAH0@Z
?FlushCachedData@CFileWrite@@QAE_NXZ
?GetAppUid@AndroidFridaCoreInterface@@AAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetArchitecture@AndroidFridaCoreInterface@@EAE?AW4Arch@IFridaCoreProivder@@XZ
?GetBrand@AndroidFridaCoreInterface@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetDevicePacakges@AndroidFridaCoreInterface@@CA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@AAVCLowLevel@@@Z
?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z
?GetInTimeUnits@CTimestampUtil@@QAE_KABUSMS_struct_tag@@@Z
?GetInTimeUnits@CTimestampUtil@@QAE_KABU_FILETIME@@@Z
?GetInTimeUnits@CTimestampUtil@@QAE_KABU_SYSTEMTIME@@@Z
?GetInTimeUnits@CTimestampUtil@@QAE_KABUtm@@@Z
?GetManufacturer@AndroidFridaCoreInterface@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetNextPath@CDumpListerFacade@@UAE?AUPathInfo@IDumpLister@@XZ
?GetNumberOfFiles@CDumpListerFacade@@UAEIXZ
?GetStatusCountersVector@CDumpListerFacade@@UAE?AV?$vector@IV?$allocator@I@std@@@std@@XZ
?GetTempPathW@CDumpListerFacade@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetTotalFilesCount@CDumpListerFacade@@UAE_NAA_K@Z
?GetTotalFilesSize@CDumpListerFacade@@UAE_NAA_K@Z
?GetVendor@AndroidFridaCoreInterface@@EAE?AW4Vendor@IFridaCoreVendor@@XZ
?IsOpen@CFileRead@@UAE_NXZ
?IsReady@CFileWrite@@QAE_NXZ
?KillApp@AndroidFridaCoreInterface@@EAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?KillPidsByCmdline@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?KillPidsByCmdlineNoThrow@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ListingEnded@CDumpListerFacade@@UAE_NXZ
?Open@CFileWrite@@QAE_NPBG_N@Z
?PatchSeTargetPolicy@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Vendor@IFridaCoreVendor@@@Z
?PatchTriggerSetupScript@AndroidFridaCoreInterface@@AAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?Pos64@CFileRead@@UAE_JXZ
?Pos@CFileRead@@QAEIXZ
?PostFailureCleanup@AndroidFridaCoreInterface@@EAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Read@CFileRead@@UAE_NPAEI@Z
?Rename@CFileWrite@@SA_NPBG0@Z
?ResetFilesAndDirsList@CDumpListerFacade@@UAEXXZ
?RunFridaScriptImpl@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@ABUFridaTarget@@@Z
?RunPsWithGrep@AndroidFridaCoreInterface@@AAE?AV?$optional@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?Seek@CFileRead@@QAE_NI@Z
?Seek@CFileWrite@@QAE_NI@Z
?SetApplicationMessageCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z
?SetApplicationMessageCallback@IDumpLister@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z
?SetEpoch@CTimestampUtil@@QAEXW4eEpoch@1@@Z
?SetFileMetaDataCallback@CDumpListerFacade@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z
?SetFileMetaDataCallback@IDumpLister@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z
?SetFileStatus@CDumpListerFacade@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4FileStatus@IDumpLister@@PAU_DWE_file_data@@PAUFileMetaData@5@@Z
?SetFolderList@CDumpListerFacade@@UAEXAAVCFoldersInfo@@@Z
?SetFolderList@IDumpLister@@UAEXAAVCFoldersInfo@@@Z
?SetFolderNotificationCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z
?SetFolderNotificationCallback@IDumpLister@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z
?SetTarget@CDumpListerFacade@@UAEXPAUIDumperTargetCallback@@@Z
?SetTarget@IDumpLister@@UAEXPAUIDumperTargetCallback@@@Z
?Size64@CFileRead@@UAE_JXZ
?Size@CFileRead@@QAEIXZ
?SmsTimeToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUSMS_struct_tag@@@Z
?StartFetchFilesAndDirectoriesLists@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N1@Z
?SystemTimeToSmsTime@CTimestampUtil@@SAXABU_SYSTEMTIME@@AAUSMS_struct_tag@@@Z
?SystemTimeToString@CTimestampUtil@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABU_SYSTEMTIME@@@Z
?SystemTimeToTm@CTimestampUtil@@SA?AUtm@@ABU_SYSTEMTIME@@@Z
?SystemTimeToWstring@CTimestampUtil@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABU_SYSTEMTIME@@@Z
?TmToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUtm@@@Z
?TriggerAppCmd@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaTarget@@@Z
?TriggerAppRetrySetup@AndroidFridaCoreInterface@@AAEXH@Z
?UpdateFilesCount@CDumpListerFacade@@UAE_NXZ
?UploadAndTrackFile@AndroidFridaCoreInterface@@AAE_NPBEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?UploadFiles@AndroidFridaCoreInterface@@EAE_NXZ
?UploadFridaScript@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaTarget@@@Z
?Write@CFileWrite@@QAE_NPBEI@Z
?__autoclassinit2@CFileRead@@QAEXI@Z
?isFindSupported@CDumpListerFacade@@UAE_NXZ
?isFindSupported@IDumpLister@@UAE_NXZ
?mAltQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B
?mAppleEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B
?mLinuxEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B
?mQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B
CreateObject
CreateObjectExt

Sections

Size: 180KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 34KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 19KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 180KB - Virtual size: 429KB

Size: 34KB - Virtual size: 124KB

Size: 1KB - Virtual size: 5KB

Size: 1024B - Virtual size: 1KB

Size: 19KB - Virtual size: 23KB

.edata Size: 10KB - Virtual size: 10KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 3.7MB

.boot Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 16B - Virtual size: 4KB

.edata
Size: 10KB - Virtual size: 10KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 3.7MB

.boot
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 16B - Virtual size: 4KB