8a7bd0f1acf030c3e721f66fa0b7cde8cc359b0bdb015c967f38d517362cec11

Sharing

Copy URL Twitter E-mail

General

Target

8a7bd0f1acf030c3e721f66fa0b7cde8cc359b0bdb015c967f38d517362cec11
Size

3.9MB
MD5

eff58922bfcfd937688747bc955c2386
SHA1

980fcec862185fb7735fd4ce4669776f600c3768
SHA256

8a7bd0f1acf030c3e721f66fa0b7cde8cc359b0bdb015c967f38d517362cec11
SHA512

59f595d7f9dc9df7323f6dc9cd6c9fdf7bd28b2c6eabccb1ac986d1a2d8dbe42fe4804f4548d4b85d462b725896975b3158a72216634783c1004822e64f23d98
SSDEEP

98304:OBy/mTf6vHCKIudhDZKm+Om78WOIUAeYc49y3:IESf6vC3unDZKameIUYH9o

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a7bd0f1acf030c3e721f66fa0b7cde8cc359b0bdb015c967f38d517362cec11

Files

8a7bd0f1acf030c3e721f66fa0b7cde8cc359b0bdb015c967f38d517362cec11
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

BingConfigurationClient_GetBrowserLocaleConfiguration
BingConfigurationClient_GetLocaleConfiguration
BingConfigurationClient_GetMarketAsLocale

Sections

Size: 34KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 34KB - Virtual size: 61KB

Size: 7KB - Virtual size: 20KB

Size: 512B - Virtual size: 2KB

Size: 2KB - Virtual size: 4KB

Size: 512B - Virtual size: 16B

Size: 512B - Virtual size: 1KB

Size: 512B - Virtual size: 244B

.edata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 6.2MB

.boot Size: 3.8MB - Virtual size: 3.8MB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 6.2MB

.boot
Size: 3.8MB - Virtual size: 3.8MB