71fbb43bc6ac247abc783cae5912b4da824f6ec4b6c839c3a667d3581e202571

Sharing

Copy URL

Twitter E-mail

General

Target

71fbb43bc6ac247abc783cae5912b4da824f6ec4b6c839c3a667d3581e202571
Size

4.2MB
MD5

9b777cc0f8e40c448b3f134260e53042
SHA1

62f839307a93badccf0527cddb1cf53908b1a02f
SHA256

71fbb43bc6ac247abc783cae5912b4da824f6ec4b6c839c3a667d3581e202571
SHA512

c6d7ab6d20795d1d3a5855c95c873deb801fb03b56e841419932f4619eb74f29726363b88aad3bf4966ed3d064283cb63d76abf05e1aa6732f0fbac30b103d77
SSDEEP

98304:WsQ6XunZpD3gUr4JYf9FrgwgQwhWzuJQqFp0RPYJwNH7/eQ:nenZpDHr/ZgzWzuuq/0RQJwd7/eQ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71fbb43bc6ac247abc783cae5912b4da824f6ec4b6c839c3a667d3581e202571

Files

71fbb43bc6ac247abc783cae5912b4da824f6ec4b6c839c3a667d3581e202571
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

??0IFFUpgradeEventObserver@@QEAA@$$QEAV0@@Z
??0IFFUpgradeEventObserver@@QEAA@AEBV0@@Z
??0IFFUpgradeEventObserver@@QEAA@XZ
??0IFFUpgradeService@@QEAA@$$QEAV0@@Z
??0IFFUpgradeService@@QEAA@AEBV0@@Z
??0IFFUpgradeService@@QEAA@XZ
??4IFFUpgradeEventObserver@@QEAAAEAV0@$$QEAV0@@Z
??4IFFUpgradeEventObserver@@QEAAAEAV0@AEBV0@@Z
??4IFFUpgradeService@@QEAAAEAV0@$$QEAV0@@Z
??4IFFUpgradeService@@QEAAAEAV0@AEBV0@@Z
??_7IFFUpgradeEventObserver@@6B@
??_7IFFUpgradeService@@6B@
createUpgradeService
releaseUpgradeService

Sections

Size: 31KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 10KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 54KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 31KB - Virtual size: 69KB

Size: 10KB - Virtual size: 33KB

Size: 1024B - Virtual size: 3KB

Size: 3KB - Virtual size: 4KB

Size: 54KB - Virtual size: 191KB

Size: 512B - Virtual size: 424B

.edata Size: 1024B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.rsrc Size: 192KB - Virtual size: 192KB

.themida Size: - Virtual size: 5.3MB

.boot Size: 3.9MB - Virtual size: 3.9MB

.edata
Size: 1024B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 192KB - Virtual size: 192KB

.themida
Size: - Virtual size: 5.3MB

.boot
Size: 3.9MB - Virtual size: 3.9MB