USBDeview[.]dll

Sharing

Copy URL

Twitter E-mail

General

Target

USBDeview.dll
Size

17.8MB
MD5

db9ab126c7e3989a75989e38a501a1d1
SHA1

10a0d96e8d64d79387aa4f4c00dd07c71c4c1025
SHA256

507417cfaf5cef61db433bc343496ff150d248670d5dc36086c0d79336ba6ab3
SHA512

c30c5b89bcb21b8fc06b217009467a00cb9f7e899594b1e5591d867251341d8d9e7939b5ca34bb4b7574aac9e06df0651ca790ba056e622f87747819ce6ebe9e
SSDEEP

393216:rwZ4SGBsCZoh2Cu8ofORvVahudIghHiGnbyepidJkh7M:rwqjZCcySuyg5PyepidJkhw

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
USBDeview.dll

Files

USBDeview.dll
.dll windows:6 windows x64 arch:x64

Password: 213e12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

a0d80c2b4744bb286144762220226321
a11e3f6f694cdad2b3c12abe8353ebc6
a812902c47d3cf9aa9bb9f8723efc64c
ab1bf35968cf4962ca2821656ed9a764
b31d032cfdcf47a395690a71e43c5d2a
b31d032cfdcf47a399990a71e43c5d2a
b422f727a7539eaad0164eb43fc012e0
bb74baf9a32ef73e2e49faa2c9076f24
bca5dbb75b447315cfd298b817a041b5
bd28f02e8d6b678c395300c32c8a9959
c0f2ee7c2b21afffc7ff91815942a77f
c238dce9db68fc15aecfb5c02e1c2f67
c2465a17cfa162e4ecd88cbf41157a6c
c47980282dd1dabfe777a42b44fe6929
c8ccd4f6f72491a037b58742b9d1143c
c942c5ce22f14f22819bf7152a121884
c9791826da23403ec5075672d9e6ef66
c9d4d01ba0e6d49ffe9a5b6f17c8d7a8
cb98a7985ef622420f70243bf5550db3
ced0063a3279def0739c01fdaa15afc2
d63d0e21fdc05f618d55ef306c54af82
d93c9d8ef9feec030660d85f8de7fb1f
dd745d3953658bdfed3f7135a2a58e73
de2d0c0edf158e84bba958a74b345e44
e0326c2e544878febfbd8670a46d8090
e29dd7309fe40ba7f2dc1c3287fbc290
e38eb544cabd9e60c82410a4ce5b74f8
e8f0aad77c93ac3ebff67a4c18c60848
ea51b35b238a4139dc45a5ab9daae5d7
ec63d135ff7817e1a2b625676a2ef703
f5e1c836476fde8287cf16b4e6657295
f6410f8fc76ebd2883a468fdace871c5
fc666666bd301fefb45f47c082951986
fc8cc3b771c477f0ec4f4c987366a7fb
gd22c118b36c4800f23bce730b48866b
i5e469e17c7d2d72f8a64a3f50aa177c
pe185265bb6b006fd90f1aa39dcda5d9
u8cd4da22a687d3c9d86b6f61f9b6138

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 22.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 13.7MB - Virtual size: 13.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 213e12

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 397KB - Virtual size: 397KB

.data Size: 103KB - Virtual size: 342KB

.pdata Size: 60KB - Virtual size: 59KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1024B - Virtual size: 656B

.reloc Size: 4KB - Virtual size: 3KB

.edata Size: 2KB - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 22.7MB

.boot Size: 13.7MB - Virtual size: 13.7MB

.reloc Size: 16B - Virtual size: 4KB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 397KB - Virtual size: 397KB

.data
Size: 103KB - Virtual size: 342KB

.pdata
Size: 60KB - Virtual size: 59KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1024B - Virtual size: 656B

.reloc
Size: 4KB - Virtual size: 3KB

.edata
Size: 2KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 22.7MB

.boot
Size: 13.7MB - Virtual size: 13.7MB

.reloc
Size: 16B - Virtual size: 4KB