1e539c29b3ef83ed940d27bbade416a579e36dda1e0ffc17f8f955ce64259a15

Sharing

Copy URL Twitter E-mail

General

Target

1e539c29b3ef83ed940d27bbade416a579e36dda1e0ffc17f8f955ce64259a15
Size

4.3MB
MD5

ff73dacc5c129fc094c964f2c526dd7a
SHA1

679e0203959cc3119ef055f761e215fdb13e76dc
SHA256

1e539c29b3ef83ed940d27bbade416a579e36dda1e0ffc17f8f955ce64259a15
SHA512

d4d67823f9f486c0b3f0b12fd33c7b7b840cb8a0c3d3d17c8360214205eeab38fae744bcac2685dc4f4a2f845b4a6eb4b971be80d2ef07390fd0f78636510440
SSDEEP

98304:1rJm5juEdL86fOGWd6YCMgmu8oH5uWm30WlxGofadY:1odY6finAljc30WlbSY

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1e539c29b3ef83ed940d27bbade416a579e36dda1e0ffc17f8f955ce64259a15

Files

1e539c29b3ef83ed940d27bbade416a579e36dda1e0ffc17f8f955ce64259a15
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

??0FFRegisterCheckHelper@@QEAA@PEAVQObject@@@Z
??0RegisterHelper@@QEAA@AEBVQString@@000@Z
??1FFRegisterCheckHelper@@UEAA@XZ
??1RegisterHelper@@QEAA@XZ
??4RegisterHelper@@QEAAAEAV0@AEBV0@@Z
??_7FFRegisterCheckHelper@@6B@
??_FFFRegisterCheckHelper@@QEAAXXZ
?DoRegistration@RegisterHelper@@QEAA_NAEBVQString@@00@Z
?DoUnregistered@RegisterHelper@@QEAAXXZ
?GetEmail@RegisterHelper@@QEAA?AVQString@@XZ
?GetRegCode@RegisterHelper@@QEAA?AVQString@@XZ
?GetRegistered@RegisterHelper@@QEAA_NXZ
?UpdateInfo@RegisterHelper@@QEAAXXZ
?doCheck@FFRegisterCheckHelper@@QEAAXXZ
?metaObject@FFRegisterCheckHelper@@UEBAPEBUQMetaObject@@XZ
?qt_metacall@FFRegisterCheckHelper@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@FFRegisterCheckHelper@@UEAAPEAXPEBD@Z
?qt_static_metacall@FFRegisterCheckHelper@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z
?signalCheckFinished@FFRegisterCheckHelper@@QEAAX_NAEBVQString@@@Z
?staticMetaObject@FFRegisterCheckHelper@@2UQMetaObject@@B
?tr@FFRegisterCheckHelper@@SA?AVQString@@PEBD0H@Z
?trUtf8@FFRegisterCheckHelper@@SA?AVQString@@PEBD0H@Z

Sections

Size: 42KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 54KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 42KB - Virtual size: 88KB

Size: 12KB - Virtual size: 37KB

Size: 512B - Virtual size: 3KB

Size: 3KB - Virtual size: 5KB

Size: 54KB - Virtual size: 191KB

Size: 512B - Virtual size: 344B

.edata Size: 1KB - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 192KB - Virtual size: 192KB

.themida Size: - Virtual size: 5.3MB

.boot Size: 3.9MB - Virtual size: 3.9MB

.reloc Size: 16B - Virtual size: 4KB

.edata
Size: 1KB - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 192KB - Virtual size: 192KB

.themida
Size: - Virtual size: 5.3MB

.boot
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 16B - Virtual size: 4KB