cc4fa5208bea159abd8cb561d8a29762902fc01061004a235414c099b32116c9

Sharing

Copy URL Twitter E-mail

General

Target

cc4fa5208bea159abd8cb561d8a29762902fc01061004a235414c099b32116c9
Size

2.5MB
MD5

a76582bd0fcf9fdbb399ba831f262d86
SHA1

99d5c2d235e77ad387d97c2acc98ed0d1517db21
SHA256

cc4fa5208bea159abd8cb561d8a29762902fc01061004a235414c099b32116c9
SHA512

afa9163452ee460b5a899c41face633ac393a343ef8fab87af87909a0448c09cc4ebca2fdbbfe218fcc048a1308bb613212f3ba05fa0aea79a8d85b6bb02d7bd
SSDEEP

49152:SGv1RJRZ2uRqvJo5uilrpcEspA7K5YZre4NOw33gno2wFyL:9NL2SE6t5pmyG5YZx3ao2vL

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc4fa5208bea159abd8cb561d8a29762902fc01061004a235414c099b32116c9

Files

cc4fa5208bea159abd8cb561d8a29762902fc01061004a235414c099b32116c9
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetDllInfo
UDV_ChangePassword
UDV_ClearPWS_ProtectHidden
UDV_CloseAPI
UDV_CloseContinuousAccess
UDV_CloseLockedCDROM
UDV_DisablePWS_ProtectHidden
UDV_DisablePassword
UDV_Force_to_Enable_HID_Channel
UDV_FormatPartition
UDV_GetDeviceInfo
UDV_GetInquiryRevision
UDV_GetStatus
UDV_GetUnitSize
UDV_GetWriteProtect
UDV_GetWriteProtect_Temporarily
UDV_Get_Current_Number_of_Attempts_ProtectHidden
UDV_Get_ExtraLED_Status
UDV_Get_HIDVID_HIDPID
UDV_InitAPI
UDV_ListTokens
UDV_LockCDROM
UDV_Login
UDV_Logout
UDV_MacCloseDevice
UDV_MacOpenDevice
UDV_Make_CDKey
UDV_OpenContinuousAccess
UDV_OpenLockedCDROM
UDV_ReadBlockCDROM
UDV_ReadHiddenArea
UDV_ReadProtectHidden
UDV_ReadSectorFromPartition_Multi
UDV_ReadSectorFromPartition_SCSI
UDV_ResetPassword
UDV_ResizeCDPartition
UDV_ResizeCDPartition_M31
UDV_ResizePartition
UDV_ResizePartition_M37M38
UDV_SetDevice_MediaChanged
UDV_SetInquiryRevision
UDV_SetPID
UDV_SetPWS_ProtectHidden
UDV_SetPassword
UDV_SetProductionName
UDV_SetSerialNumber
UDV_SetVID
UDV_SetVendorName
UDV_SetWriteProtect
UDV_SetWriteProtect_Temporarily
UDV_Set_ExtraLED_Status
UDV_UnlockCDROM
UDV_UpdateDeviceString
UDV_WriteBlockCDROM
UDV_WriteHiddenArea
UDV_WriteProtectHidden
UDV_WriteSectorToPartition_Multi
UDV_isHID
UDV_isReady_HIDmode

Sections

Size: 126KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 38KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 126KB - Virtual size: 266KB

Size: 38KB - Virtual size: 55KB

Size: 8KB - Virtual size: 238KB

Size: 1024B - Virtual size: 1KB

Size: 7KB - Virtual size: 14KB

.edata Size: 2KB - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 3.9MB

.boot Size: 2.3MB - Virtual size: 2.3MB

.edata
Size: 2KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 3.9MB

.boot
Size: 2.3MB - Virtual size: 2.3MB