96862b110b47a8ef5c0c4c25a913f6b27a13aa88c62c86be29f1905f45241a90

Sharing

Copy URL

Twitter E-mail

General

Target

96862b110b47a8ef5c0c4c25a913f6b27a13aa88c62c86be29f1905f45241a90
Size

2.5MB
MD5

c42fc8d2ee7405d6a74c27fd9e8a9523
SHA1

cbbd755b231e20c088b04fecefbc1f27f4e22468
SHA256

96862b110b47a8ef5c0c4c25a913f6b27a13aa88c62c86be29f1905f45241a90
SHA512

7f4e8b13eb9b0953b23e28c4f49c7aa7af645224c1e892d56be9e17d0ed69dc336284970e836f49c5f9409550fb811ac59fe25500717eb074b5b250d1bf363a4
SSDEEP

49152:g+yFPXoLHV7YTwvSAIRFqgSB7HTRwIoIl3OqnGf:2FPXoL1E+SAIRFqgYTRwzBqGf

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96862b110b47a8ef5c0c4c25a913f6b27a13aa88c62c86be29f1905f45241a90

Files

96862b110b47a8ef5c0c4c25a913f6b27a13aa88c62c86be29f1905f45241a90
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??0AndroidFridaCoreInterface@@QAE@V?$unique_ptr@VIFridaCoreProivder@@U?$default_delete@VIFridaCoreProivder@@@std@@@std@@AAVCLowLevel@@AAVAndroidDumper@@V?$unique_ptr@VIFridaCoreCommandHandler@@U?$default_delete@VIFridaCoreCommandHandler@@@std@@@2@@Z
??0CFileRead@@QAE@ABV0@@Z
??0CFileRead@@QAE@PBGI@Z
??0CFileWrite@@QAE@ABV0@@Z
??0CTimestampUtil@@QAE@W4eEpoch@0@W4eTimeUnit@0@@Z
??0CsvFile@@QAE@ABV0@@Z
??0CsvFile@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??0CsvFile@@QAE@PBEI@Z
??0FridaCoreEprProivder@@QAE@$$QAV0@@Z
??0FridaScriptResult@@QAE@$$QAU0@@Z
??0FridaScriptResult@@QAE@ABU0@@Z
??0FridaScriptResult@@QAE@XZ
??0FridaTarget@@QAE@$$QAU0@@Z
??0FridaTarget@@QAE@ABU0@@Z
??0FridaTarget@@QAE@XZ
??0IDumpLister@@QAE@$$QAV0@@Z
??0IDumpLister@@QAE@ABV0@@Z
??0IDumpLister@@QAE@XZ
??0IFileRead@@QAE@ABV0@@Z
??0IFileRead@@QAE@XZ
??0IFridaCoreProivder@@QAE@ABV0@@Z
??0IFridaCoreProivder@@QAE@XZ
??1AndroidFridaCoreInterface@@UAE@XZ
??1CFileRead@@UAE@XZ
??1CsvFile@@UAE@XZ
??1FridaCoreEprProivder@@UAE@XZ
??1FridaScriptResult@@QAE@XZ
??1FridaTarget@@QAE@XZ
??1IFileRead@@UAE@XZ
??1IFridaCoreDeviceInterface@@UAE@XZ
??1IFridaCoreProivder@@UAE@XZ
??4CFileRead@@QAEAAV0@ABV0@@Z
??4CFileWrite@@QAEAAV0@ABV0@@Z
??4CTimestampUtil@@QAEAAV0@$$QAV0@@Z
??4CTimestampUtil@@QAEAAV0@ABV0@@Z
??4CsvFile@@QAEAAV0@ABV0@@Z
??4FridaCoreExecutor@@QAEAAV0@$$QAV0@@Z
??4FridaCoreExecutor@@QAEAAV0@ABV0@@Z
??4FridaTarget@@QAEAAU0@$$QAU0@@Z
??4FridaTarget@@QAEAAU0@ABU0@@Z
??4IDumpLister@@QAEAAV0@$$QAV0@@Z
??4IDumpLister@@QAEAAV0@ABV0@@Z
??4IFileRead@@QAEAAV0@ABV0@@Z
??4IFridaCoreProivder@@QAEAAV0@ABV0@@Z
??5CsvFile@@QAEAAV0@AAG@Z
??5CsvFile@@QAEAAV0@AAK@Z
??5CsvFile@@QAEAAV0@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??5CsvFile@@QAEAAV0@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@@Z
??5CsvFile@@QAEAAV0@AAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
??_7AndroidFridaCoreInterface@@6B@
??_7CFileRead@@6B@
??_7CFileWrite@@6B@
??_7CsvFile@@6B@
??_7FridaCoreEprProivder@@6B@
??_7IDumpLister@@6B@
??_7IFileRead@@6B@
??_7IFridaCoreProivder@@6B@
?CheckAndSetupAdb@AndroidFridaCoreInterface@@AAEXXZ
?CheckAndSetupDumper@AndroidFridaCoreInterface@@AAEXXZ
?Cleanup@AndroidFridaCoreInterface@@UAEXXZ
?Close@CFileRead@@QAEXXZ
?CloseDumpListFile@CDumpListerFacade@@UAE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?CreateTimestamp@CTimestampUtil@@QAEX_KAAUSMS_struct_tag@@@Z
?CreateTimestamp@CTimestampUtil@@QAEX_KAAU_SYSTEMTIME@@@Z
?CreateTimestamp@CTimestampUtil@@QAEX_KAAUtm@@@Z
?DoesTargetPackageExists@AndroidFridaCoreInterface@@EAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Eof@CsvFile@@QAE_NXZ
?FetchFileListFromAllIncludes@CDumpListerFacade@@UAE_NXZ
?FetchFilesList@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FetchMoreFilesAndDirsToLists@CDumpListerFacade@@UAE_NAAH0@Z
?FindLine@CsvFile@@QAEAAV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetAppUid@AndroidFridaCoreInterface@@AAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetArchitecture@AndroidFridaCoreInterface@@EAE?AW4Arch@IFridaCoreProivder@@XZ
?GetBrand@AndroidFridaCoreInterface@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetDevicePacakges@AndroidFridaCoreInterface@@CA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@AAVCLowLevel@@@Z
?GetFileSize@CFileRead@@KA_JPAU_iobuf@@@Z
?GetInTimeUnits@CTimestampUtil@@QAE_KABUSMS_struct_tag@@@Z
?GetInTimeUnits@CTimestampUtil@@QAE_KABU_FILETIME@@@Z
?GetInTimeUnits@CTimestampUtil@@QAE_KABU_SYSTEMTIME@@@Z
?GetInTimeUnits@CTimestampUtil@@QAE_KABUtm@@@Z
?GetManufacturer@AndroidFridaCoreInterface@@AAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetMoreData@CsvFile@@IAE_NXZ
?GetNextDWORD@CsvFile@@QAEKXZ
?GetNextPath@CDumpListerFacade@@UAE?AUPathInfo@IDumpLister@@XZ
?GetNextString@CsvFile@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetNumberOfFiles@CDumpListerFacade@@UAEIXZ
?GetStatusCountersVector@CDumpListerFacade@@UAE?AV?$vector@IV?$allocator@I@std@@@std@@XZ
?GetTempPathW@CDumpListerFacade@@UAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetTotalFilesCount@CDumpListerFacade@@UAE_NAA_K@Z
?GetTotalFilesSize@CDumpListerFacade@@UAE_NAA_K@Z
?GetVendor@AndroidFridaCoreInterface@@EAE?AW4Vendor@IFridaCoreVendor@@XZ
?IsOpen@CFileRead@@UAE_NXZ
?KillApp@AndroidFridaCoreInterface@@EAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?KillPidsByCmdline@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?KillPidsByCmdlineNoThrow@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ListingEnded@CDumpListerFacade@@UAE_NXZ
?NewLine@CsvFile@@QAE_NXZ
?NextLine@CsvFile@@QAE_NXZ
?Ok@CsvFile@@QAE_NXZ
?PatchSeTargetPolicy@AndroidFridaCoreInterface@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Vendor@IFridaCoreVendor@@@Z
?PatchTriggerSetupScript@AndroidFridaCoreInterface@@AAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?Pos64@CFileRead@@UAE_JXZ
?Pos@CFileRead@@QAEIXZ
?PostFailureCleanup@AndroidFridaCoreInterface@@EAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Read@CFileRead@@UAE_NPAEI@Z
?Reset@CsvFile@@QAE_NXZ
?ResetFilesAndDirsList@CDumpListerFacade@@UAEXXZ
?RunFridaScriptImpl@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@ABUFridaTarget@@@Z
?RunPsWithGrep@AndroidFridaCoreInterface@@AAE?AV?$optional@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?Seek@CFileRead@@QAE_NI@Z
?SetApplicationMessageCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z
?SetApplicationMessageCallback@IDumpLister@@UAEXV?$function@$$A6AXVCStringArg@@V?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@_KI@Z@std@@@Z
?SetEpoch@CTimestampUtil@@QAEXW4eEpoch@1@@Z
?SetFileMetaDataCallback@CDumpListerFacade@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z
?SetFileMetaDataCallback@IDumpLister@@UAEXV?$function@$$A6A?AUFileMetaData@IDumpLister@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z
?SetFileStatus@CDumpListerFacade@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4FileStatus@IDumpLister@@PAU_DWE_file_data@@PAUFileMetaData@5@@Z
?SetFolderList@CDumpListerFacade@@UAEXAAVCFoldersInfo@@@Z
?SetFolderList@IDumpLister@@UAEXAAVCFoldersInfo@@@Z
?SetFolderNotificationCallback@CDumpListerFacade@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z
?SetFolderNotificationCallback@IDumpLister@@UAEXV?$function@$$A6AXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z
?SetTarget@CDumpListerFacade@@UAEXPAUIDumperTargetCallback@@@Z
?SetTarget@IDumpLister@@UAEXPAUIDumperTargetCallback@@@Z
?Size64@CFileRead@@UAE_JXZ
?Size@CFileRead@@QAEIXZ
?SmsTimeToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUSMS_struct_tag@@@Z
?StartFetchFilesAndDirectoriesLists@CDumpListerFacade@@UAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_N1@Z
?SystemTimeToSmsTime@CTimestampUtil@@SAXABU_SYSTEMTIME@@AAUSMS_struct_tag@@@Z
?SystemTimeToString@CTimestampUtil@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABU_SYSTEMTIME@@@Z
?SystemTimeToTm@CTimestampUtil@@SA?AUtm@@ABU_SYSTEMTIME@@@Z
?SystemTimeToWstring@CTimestampUtil@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@ABU_SYSTEMTIME@@@Z
?TmToSystemTime@CTimestampUtil@@SA?AU_SYSTEMTIME@@ABUtm@@@Z
?TriggerAppCmd@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaTarget@@@Z
?TriggerAppRetrySetup@AndroidFridaCoreInterface@@AAEXH@Z
?UpdateFilesCount@CDumpListerFacade@@UAE_NXZ
?UploadAndTrackFile@AndroidFridaCoreInterface@@AAE_NPBEIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?UploadFiles@AndroidFridaCoreInterface@@EAE_NXZ
?UploadFridaScript@AndroidFridaCoreInterface@@EAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABUFridaTarget@@@Z
?__autoclassinit2@CFileRead@@QAEXI@Z
?isFindSupported@CDumpListerFacade@@UAE_NXZ
?isFindSupported@IDumpLister@@UAE_NXZ
?mAltQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B
?mAppleEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B
?mLinuxEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B
?mQcpEpoch@CTimestampUtil@@0U_SYSTEMTIME@@B
CreateObject
CreateObjectExt

Sections

Size: 169KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 31KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 17KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 169KB - Virtual size: 403KB

Size: 31KB - Virtual size: 120KB

Size: 1KB - Virtual size: 6KB

Size: 1024B - Virtual size: 1KB

Size: 17KB - Virtual size: 21KB

.edata Size: 10KB - Virtual size: 10KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 3.7MB

.boot Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 16B - Virtual size: 4KB

.edata
Size: 10KB - Virtual size: 10KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 3.7MB

.boot
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 16B - Virtual size: 4KB