morphine[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

morphine.exe
Size

4.1MB
MD5

37a86cbbed2df6489eda1694fab800c6
SHA1

b37326fd5198a6333d215df1ba1d3776a37b2aec
SHA256

4ecc911f674fe3ed2fdd1df733f17160b3b23f1990c3bc3334155e48335943d3
SHA512

86db636c0920400992a822361ed384972d9325ac4c8847b5efb27c486552e07be938d670a11d47a20c4398a8103b0af10865fd19855853621ed42ce219457642
SSDEEP

98304:XWv/hJpkxZewlYrZKQTM49ufIggpQSrKN99PJweU:+HIeecM4Mgg8QN99P5U

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
morphine.exe

Files

morphine.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

?mGetExportedFunctionOffset@mProcessFunctions@@YAKAEBQEAUHINSTANCE__@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?mGetHandle@mProcessFunctions@@YAPEAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4ProcessAccess@1@@Z
?mGetModuleAddress@mProcessFunctions@@YA_KAEBQEAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?mGetModuleAddress@mProcessFunctions@@YA_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?mGetModuleBitness@mProcessFunctions@@YA?AW4Bitness@1@AEBQEAUHINSTANCE__@@@Z
?mGetModuleHandle@mProcessFunctions@@YAPEAUHINSTANCE__@@AEBQEAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?mGetModuleHandle@mProcessFunctions@@YAPEAUHINSTANCE__@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?mGetPID@mProcessFunctions@@YAKAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?mGetPatternAddress@mMemoryFunctions@@YAKPEBD0AEBQEAXQEAUHINSTANCE__@@@Z
?mInjectDLL@mMemoryFunctions@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0H@Z
?mReadMemory@mMemoryFunctions@@YAPEBXAEBQEAXAEB_K1@Z
?mReadMemory@mMemoryFunctions@@YAPEBXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEB_K1@Z
?mValidateHandle@mProcessFunctions@@YA_NAEAPEAX@Z
?mWriteMemory@mMemoryFunctions@@YA_NAEBQEAXAEB_KAEBQEBX1@Z
?mWriteMemory@mMemoryFunctions@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEB_KAEBQEBX1@Z

Sections

Size: 416KB - Virtual size: 806KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 79KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 35KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 416KB - Virtual size: 806KB

Size: 79KB - Virtual size: 194KB

Size: 35KB - Virtual size: 102KB

Size: 20KB - Virtual size: 33KB

Size: 512B - Virtual size: 488B

Size: 1KB - Virtual size: 1KB

.edata Size: 2KB - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 6.1MB

.boot Size: 3.6MB - Virtual size: 3.6MB

.reloc Size: 16B - Virtual size: 4KB

.edata
Size: 2KB - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 6.1MB

.boot
Size: 3.6MB - Virtual size: 3.6MB

.reloc
Size: 16B - Virtual size: 4KB