0150e208d6d68c607dea88f0a3dfe0ce888f3ab3ff45d484263bf232a23cd409

Sharing

Copy URL Twitter E-mail

General

Target

0150e208d6d68c607dea88f0a3dfe0ce888f3ab3ff45d484263bf232a23cd409
Size

7.8MB
MD5

42cc84b5a94eeb4df3fb0653625f9e1e
SHA1

af93500822e3fb9b8b52fadd2623c855b4fff2c0
SHA256

0150e208d6d68c607dea88f0a3dfe0ce888f3ab3ff45d484263bf232a23cd409
SHA512

77ea4ae4b0919a27bd09c3a60d081d75fb543d4afc5eac78657cbed5278cdfef2c7e827ca05a8f48d57e584f690f749eae5589f77216daabd9a33e84bb1fc363
SSDEEP

196608:2xrmp/Z9CWLO9mvburEmck6gX0zcmh7Qwft34n:h/ZLDmEmXZkzzVx10

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0150e208d6d68c607dea88f0a3dfe0ce888f3ab3ff45d484263bf232a23cd409

Files

0150e208d6d68c607dea88f0a3dfe0ce888f3ab3ff45d484263bf232a23cd409
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

BindPakFile
FreeFilePak
FreeRes
LoadFilePak
LoadRes
ReleasePakFile

Sections

Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5.1MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.loadcon
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 28KB - Virtual size: 42KB

Size: 4KB - Virtual size: 10KB

Size: 4KB - Virtual size: 31KB

Size: 5.1MB - Virtual size: 7.0MB

Size: 4KB - Virtual size: 5KB

.edata Size: 4KB - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.themida Size: - Virtual size: 4.1MB

.loadcon Size: 4KB - Virtual size: 4KB

.boot Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 16B - Virtual size: 4KB

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.themida
Size: - Virtual size: 4.1MB

.loadcon
Size: 4KB - Virtual size: 4KB

.boot
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 16B - Virtual size: 4KB