2a5c9cfd7481eb4b9ed9d3e60c7736918d3850858fca442685ad21f9270198fe

Sharing

Copy URL Twitter E-mail

General

Target

2a5c9cfd7481eb4b9ed9d3e60c7736918d3850858fca442685ad21f9270198fe
Size

3.7MB
MD5

0e3284ad19d64eb95d6972777ef0f97c
SHA1

da313c78a1a35f48a2a8a6f0661f304f8bbae95a
SHA256

2a5c9cfd7481eb4b9ed9d3e60c7736918d3850858fca442685ad21f9270198fe
SHA512

750f6dfb46140a174c5081f1f58fb8e775f73d65b48eea9dd263b821e2a79fbf0bec3c7a8576d734ed5e34a0b7bca05a3c53c11592dde1e24896c071b0a5f555
SSDEEP

98304:Ix8A6KRC90e+7KNopBDZc55KfOGe1NghYjOqUVtJP6CrS:IxSKQ90bmNEZc58mGgC+Oq+6CrS

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a5c9cfd7481eb4b9ed9d3e60c7736918d3850858fca442685ad21f9270198fe

Files

2a5c9cfd7481eb4b9ed9d3e60c7736918d3850858fca442685ad21f9270198fe
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

func1
toeditbox
toeditboxreplace

Sections

Size: 41KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 80KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 841KB - Virtual size: 947KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.exports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 41KB - Virtual size: 61KB

Size: 10KB - Virtual size: 25KB

Size: 80KB - Virtual size: 83KB

Size: 841KB - Virtual size: 947KB

Size: 3KB - Virtual size: 4KB

Size: 18KB - Virtual size: 18KB

.exports Size: 512B - Virtual size: 4KB

.imports Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 4.3MB

.boot Size: 2.7MB - Virtual size: 2.7MB

.exports
Size: 512B - Virtual size: 4KB

.imports
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 4.3MB

.boot
Size: 2.7MB - Virtual size: 2.7MB