brtd2389aw | Triage

Sharing

Copy URL Twitter E-mail

General

Target

brtd2389aw
Size

3.4MB
MD5

8ff6e97fe5e32e233474b7afa6e18efa
SHA1

cb2a7adda9f9a229aa1c8ae9ea26613911b900a4
SHA256

da10810b38385f2c674c8f5aba08c04a0b30c7b3ac828c6a86da927839b80b48
SHA512

d3d766d41727028a326da048a365fc51ba98166d47f19e49d55db84cd6d4d8bef0cfcc35965f05139a78f86245e2f5761cd31fedb7a5a64ece692e87c14352dd
SSDEEP

49152:LjcOT65c+zYCyjccXUT0dY49lCMSq2AphZAXtEgS9vJUyT4L9XZLq8xaUfa0Cvz4:Ld4cR8cQ0mMAUhXjJPS9Xbxaj/uQ+Nmk

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
brtd2389aw

Files

brtd2389aw
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

EdpGetIsManaged

Sections

Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 208B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 4KB - Virtual size: 6KB

Size: 247KB - Virtual size: 247KB

Size: 512B - Virtual size: 624B

Size: 512B - Virtual size: 552B

Size: 512B - Virtual size: 388B

.bss Size: - Virtual size: 208B

Size: 512B - Virtual size: 68B

Size: 512B - Virtual size: 868B

Size: 512B - Virtual size: 88B

Size: 512B - Virtual size: 16B

Size: 512B - Virtual size: 92B

.edata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 5.7MB

.boot Size: 3.2MB - Virtual size: 3.2MB

.reloc Size: 16B - Virtual size: 4KB

.bss
Size: - Virtual size: 208B

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 5.7MB

.boot
Size: 3.2MB - Virtual size: 3.2MB

.reloc
Size: 16B - Virtual size: 4KB