f2dc4711-JSO8wV[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

f2dc4711-JSO8wV.exe
Size

6.8MB
MD5

ac2c63f0ca0e4dd9d78a0cf10ac33919
SHA1

2d453b60510e172cc17cafd077b464aa5a447d36
SHA256

6104d543fd3c78a3fba40aa156877902188c793de4fc3390b101f842a1eb2bc4
SHA512

bb699ec92084a968a3a309c73562ef928adc26de882185c02105f2fe352b1a64347929b397e5caaa400d52e79be8aa7707db1fe3e664cc89cb5c72a92843403b
SSDEEP

196608:b8e9pYU6GFtwZOksfnFlbTwV5vNuB4JTpmwl1RLmH:b80pYUbozsfFlTYvo4d11O

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2dc4711-JSO8wV.exe

Files

f2dc4711-JSO8wV.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

??0Assembler@a64@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0Assembler@x86@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0BaseAssembler@_abi_1_10@asmjit@@QEAA@XZ
??0BaseBuilder@_abi_1_10@asmjit@@QEAA@XZ
??0BaseCompiler@_abi_1_10@asmjit@@QEAA@XZ
??0BaseEmitter@_abi_1_10@asmjit@@QEAA@W4EmitterType@12@@Z
??0Builder@a64@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0Builder@x86@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0CodeHolder@_abi_1_10@asmjit@@QEAA@PEBUTemporary@Support@12@@Z
??0Compiler@a64@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0Compiler@x86@_abi_1_10@asmjit@@QEAA@PEAVCodeHolder@23@@Z
??0ConstPool@_abi_1_10@asmjit@@QEAA@PEAVZone@12@@Z
??0ErrorHandler@_abi_1_10@asmjit@@QEAA@XZ
??0FileLogger@_abi_1_10@asmjit@@QEAA@PEAU_iobuf@@@Z
??0FuncPass@_abi_1_10@asmjit@@QEAA@PEBD@Z
??0JitAllocator@_abi_1_10@asmjit@@QEAA@PEBUCreateParams@012@@Z
??0JitRuntime@_abi_1_10@asmjit@@QEAA@PEBUCreateParams@JitAllocator@12@@Z
??0Logger@_abi_1_10@asmjit@@QEAA@XZ
??0Pass@_abi_1_10@asmjit@@QEAA@PEBD@Z
??0StringLogger@_abi_1_10@asmjit@@QEAA@XZ
??0Target@_abi_1_10@asmjit@@QEAA@XZ
??1Assembler@a64@_abi_1_10@asmjit@@UEAA@XZ
??1Assembler@x86@_abi_1_10@asmjit@@UEAA@XZ
??1BaseAssembler@_abi_1_10@asmjit@@UEAA@XZ
??1BaseBuilder@_abi_1_10@asmjit@@UEAA@XZ
??1BaseCompiler@_abi_1_10@asmjit@@UEAA@XZ
??1BaseEmitter@_abi_1_10@asmjit@@UEAA@XZ
??1Builder@a64@_abi_1_10@asmjit@@UEAA@XZ
??1Builder@x86@_abi_1_10@asmjit@@UEAA@XZ
??1CodeHolder@_abi_1_10@asmjit@@QEAA@XZ
??1Compiler@a64@_abi_1_10@asmjit@@UEAA@XZ
??1Compiler@x86@_abi_1_10@asmjit@@UEAA@XZ
??1ConstPool@_abi_1_10@asmjit@@QEAA@XZ
??1ErrorHandler@_abi_1_10@asmjit@@UEAA@XZ
??1FileLogger@_abi_1_10@asmjit@@UEAA@XZ
??1JitAllocator@_abi_1_10@asmjit@@QEAA@XZ
??1JitRuntime@_abi_1_10@asmjit@@UEAA@XZ
??1Logger@_abi_1_10@asmjit@@UEAA@XZ
??1Pass@_abi_1_10@asmjit@@UEAA@XZ
??1StringLogger@_abi_1_10@asmjit@@UEAA@XZ
??1Target@_abi_1_10@asmjit@@UEAA@XZ
??_FAssembler@a64@_abi_1_10@asmjit@@QEAAXXZ
??_FAssembler@x86@_abi_1_10@asmjit@@QEAAXXZ
??_FBuilder@a64@_abi_1_10@asmjit@@QEAAXXZ
??_FBuilder@x86@_abi_1_10@asmjit@@QEAAXXZ
??_FCodeHolder@_abi_1_10@asmjit@@QEAAXXZ
??_FCompiler@a64@_abi_1_10@asmjit@@QEAAXXZ
??_FCompiler@x86@_abi_1_10@asmjit@@QEAAXXZ
??_FFileLogger@_abi_1_10@asmjit@@QEAAXXZ
??_FJitAllocator@_abi_1_10@asmjit@@QEAAXXZ
??_FJitRuntime@_abi_1_10@asmjit@@QEAAXXZ
?_add@JitRuntime@_abi_1_10@asmjit@@UEAAIPEAPEAXPEAVCodeHolder@23@@Z
?_alloc@Zone@_abi_1_10@asmjit@@QEAAPEAX_K0@Z
?_alloc@ZoneAllocator@_abi_1_10@asmjit@@QEAAPEAX_KAEA_K@Z
?_allocZeroed@ZoneAllocator@_abi_1_10@asmjit@@QEAAPEAX_KAEA_K@Z
?_append@ZoneBitVector@_abi_1_10@asmjit@@QEAAIPEAVZoneAllocator@23@_N@Z
?_archTraits@_abi_1_10@asmjit@@3QBUArchTraits@12@B
?_cleanupBlock@ZoneStackBase@_abi_1_10@asmjit@@QEAAXI_K@Z
?_commonInfoTable@InstDB@x86@_abi_1_10@asmjit@@3QBUCommonInfo@1234@B
?_emit@Assembler@a64@_abi_1_10@asmjit@@UEAAIIAEBUOperand_@34@00PEBU534@@Z
?_emit@Assembler@x86@_abi_1_10@asmjit@@UEAAIIAEBUOperand_@34@00PEBU534@@Z
?_emit@BaseBuilder@_abi_1_10@asmjit@@UEAAIIAEBUOperand_@23@00PEBU423@@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAII@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@00000@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@0000@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@000@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@00@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@0@Z
?_emitI@BaseEmitter@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@@Z
?_emitOpArray@BaseEmitter@_abi_1_10@asmjit@@UEAAIIPEBUOperand_@23@_K@Z
?_grow@ZoneVectorBase@_abi_1_10@asmjit@@IEAAIPEAVZoneAllocator@23@II@Z
?_init@Zone@_abi_1_10@asmjit@@QEAAX_K0PEBUTemporary@Support@23@@Z
?_init@ZoneStackBase@_abi_1_10@asmjit@@QEAAIPEAVZoneAllocator@23@_K@Z
?_insert@ZoneHashBase@_abi_1_10@asmjit@@QEAAPEAVZoneHashNode@23@PEAVZoneAllocator@23@PEAV423@@Z
?_instInfoTable@InstDB@a64@_abi_1_10@asmjit@@3QBUInstInfo@1234@B
?_instInfoTable@InstDB@x86@_abi_1_10@asmjit@@3QBUInstInfo@1234@B
?_instSignatureTable@InstDB@x86@_abi_1_10@asmjit@@3QBUInstSignature@1234@B
?_log@FileLogger@_abi_1_10@asmjit@@UEAAIPEBD_K@Z
?_log@StringLogger@_abi_1_10@asmjit@@UEAAIPEBD_K@Z
?_newConst@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseMem@23@W4ConstPoolScope@23@PEBX_K@Z
?_newReg@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseReg@23@AEBV423@PEBD@Z
?_newReg@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseReg@23@W4TypeId@23@PEBD@Z
?_newRegFmt@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseReg@23@AEBV423@PEBDZZ
?_newRegFmt@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseReg@23@W4TypeId@23@PEBDZZ
?_newStack@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAVBaseMem@23@IIPEBD@Z
?_opChar@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@D@Z
?_opChars@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@D_K@Z
?_opFormat@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@PEBDZZ
?_opHex@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@PEBX_KD@Z
?_opNumber@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@_KI1W4StringFormatFlags@23@@Z
?_opSignatureTable@InstDB@x86@_abi_1_10@asmjit@@3QBUOpSignature@1234@B
?_opString@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@PEBD_K@Z
?_opVFormat@String@_abi_1_10@asmjit@@QEAAIW4ModifyOp@123@PEBDPEAD@Z
?_prepareBlock@ZoneStackBase@_abi_1_10@asmjit@@QEAAII_K@Z
?_rehash@ZoneHashBase@_abi_1_10@asmjit@@QEAAXPEAVZoneAllocator@23@I@Z
?_release@JitRuntime@_abi_1_10@asmjit@@UEAAIPEAX@Z
?_releaseDynamic@ZoneAllocator@_abi_1_10@asmjit@@QEAAXPEAX_K@Z
?_remove@ZoneHashBase@_abi_1_10@asmjit@@QEAAPEAVZoneHashNode@23@PEAVZoneAllocator@23@PEAV423@@Z
?_reserve@ZoneVectorBase@_abi_1_10@asmjit@@IEAAIPEAVZoneAllocator@23@II@Z
?_resize@ZoneBitVector@_abi_1_10@asmjit@@QEAAIPEAVZoneAllocator@23@II_N@Z
?_resize@ZoneVectorBase@_abi_1_10@asmjit@@IEAAIPEAVZoneAllocator@23@II@Z
?_typeData@TypeUtils@_abi_1_10@asmjit@@3UTypeData@123@B
?_zeroBlock@Zone@_abi_1_10@asmjit@@2UBlock@123@B
?add@ConstPool@_abi_1_10@asmjit@@QEAAIPEBX_KAEA_K@Z
?addAddressToAddressTable@CodeHolder@_abi_1_10@asmjit@@QEAAI_K@Z
?addAfter@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@0@Z
?addBefore@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@0@Z
?addDiagnosticOptions@BaseEmitter@_abi_1_10@asmjit@@QEAAXW4DiagnosticOptions@23@@Z
?addFunc@BaseCompiler@_abi_1_10@asmjit@@QEAAPEAVFuncNode@23@PEAV423@@Z
?addFuncNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVFuncNode@23@AEBUFuncSignature@23@@Z
?addFuncRetNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVFuncRetNode@23@AEBUOperand_@23@1@Z
?addInvokeNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVInvokeNode@23@IAEBUOperand_@23@AEBUFuncSignature@23@@Z
?addNode@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@@Z
?addPass@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAVPass@23@@Z
?align@Assembler@a64@_abi_1_10@asmjit@@UEAAIW4AlignMode@34@I@Z
?align@Assembler@x86@_abi_1_10@asmjit@@UEAAIW4AlignMode@34@I@Z
?align@BaseBuilder@_abi_1_10@asmjit@@UEAAIW4AlignMode@23@I@Z
?alloc@JitAllocator@_abi_1_10@asmjit@@QEAAIPEAPEAX0_K@Z
?alloc@VirtMem@_abi_1_10@asmjit@@YAIPEAPEAX_KW4MemoryFlags@123@@Z
?allocDualMapping@VirtMem@_abi_1_10@asmjit@@YAIPEAUDualMapping@123@_KW4MemoryFlags@123@@Z
?allocZeroed@Zone@_abi_1_10@asmjit@@QEAAPEAX_K0@Z
?assertionFailed@DebugUtils@_abi_1_10@asmjit@@YAXPEBDH0@Z
?assign@String@_abi_1_10@asmjit@@QEAAIPEBD_K@Z
?attach@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAVBaseEmitter@23@@Z
?bind@BaseAssembler@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@@Z
?bind@BaseBuilder@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@@Z
?bindLabel@CodeHolder@_abi_1_10@asmjit@@QEAAIAEBVLabel@23@I_K@Z
?clear@String@_abi_1_10@asmjit@@QEAAIXZ
?clearDiagnosticOptions@BaseEmitter@_abi_1_10@asmjit@@QEAAXW4DiagnosticOptions@23@@Z
?codeSize@CodeHolder@_abi_1_10@asmjit@@QEBA_KXZ
?comment@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEBD_K@Z
?comment@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEBD_K@Z
?commentf@BaseEmitter@_abi_1_10@asmjit@@QEAAIPEBDZZ
?commentv@BaseEmitter@_abi_1_10@asmjit@@QEAAIPEBDPEAD@Z
?copyFlattenedData@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAX_KW4CopySectionFlags@23@@Z
?copyFrom@ZoneBitVector@_abi_1_10@asmjit@@QEAAIPEAVZoneAllocator@23@AEBV123@@Z
?copySectionData@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAX_KIW4CopySectionFlags@23@@Z
?debugOutput@DebugUtils@_abi_1_10@asmjit@@YAXPEBD@Z
?deletePass@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAVPass@23@@Z
?detach@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAVBaseEmitter@23@@Z
?dup@Zone@_abi_1_10@asmjit@@QEAAPEAXPEBX_K_N@Z
?embed@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEBX_K@Z
?embed@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEBX_K@Z
?embedConstPool@BaseAssembler@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@AEBVConstPool@23@@Z
?embedConstPool@BaseBuilder@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@AEBVConstPool@23@@Z
?embedDataArray@BaseAssembler@_abi_1_10@asmjit@@UEAAIW4TypeId@23@PEBX_K2@Z
?embedDataArray@BaseBuilder@_abi_1_10@asmjit@@UEAAIW4TypeId@23@PEBX_K2@Z
?embedLabel@BaseAssembler@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@_K@Z
?embedLabel@BaseBuilder@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@_K@Z
?embedLabelDelta@BaseAssembler@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@0_K@Z
?embedLabelDelta@BaseBuilder@_abi_1_10@asmjit@@UEAAIAEBVLabel@23@0_K@Z
?emitAnnotatedJump@BaseCompiler@_abi_1_10@asmjit@@QEAAIIAEBUOperand_@23@PEAVJumpAnnotation@23@@Z
?emitArgsAssignment@BaseEmitter@_abi_1_10@asmjit@@QEAAIAEBVFuncFrame@23@AEBVFuncArgsAssignment@23@@Z
?emitEpilog@BaseEmitter@_abi_1_10@asmjit@@QEAAIAEBVFuncFrame@23@@Z
?emitProlog@BaseEmitter@_abi_1_10@asmjit@@QEAAIAEBVFuncFrame@23@@Z
?endFunc@BaseCompiler@_abi_1_10@asmjit@@QEAAIXZ
?ensureAddressTableSection@CodeHolder@_abi_1_10@asmjit@@QEAAPEAVSection@23@XZ
?eq@String@_abi_1_10@asmjit@@QEBA_NPEBD_K@Z
?errorAsString@DebugUtils@_abi_1_10@asmjit@@YAPEBDI@Z
?fill@ConstPool@_abi_1_10@asmjit@@QEBAXPEAX@Z
?finalize@BaseEmitter@_abi_1_10@asmjit@@UEAAIXZ
?finalize@Builder@a64@_abi_1_10@asmjit@@UEAAIXZ
?finalize@Builder@x86@_abi_1_10@asmjit@@UEAAIXZ
?finalize@Compiler@a64@_abi_1_10@asmjit@@UEAAIXZ
?finalize@Compiler@x86@_abi_1_10@asmjit@@UEAAIXZ
?finalize@FuncFrame@_abi_1_10@asmjit@@QEAAIXZ
?flatten@CodeHolder@_abi_1_10@asmjit@@QEAAIXZ
?flushInstructionCache@VirtMem@_abi_1_10@asmjit@@YAXPEAX_K@Z
?formatData@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@W4Arch@23@W4TypeId@23@PEBX_K5@Z
?formatDataType@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@W4Arch@23@W4TypeId@23@@Z
?formatFeature@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4Arch@23@I@Z
?formatInstruction@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@PEBVBaseEmitter@23@W4Arch@23@AEBVBaseInst@23@PEBUOperand_@23@_K@Z
?formatLabel@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@PEBVBaseEmitter@23@I@Z
?formatNode@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@AEBVFormatOptions@23@PEBVBaseBuilder@23@PEBVBaseNode@23@@Z
?formatNodeList@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@AEBVFormatOptions@23@PEBVBaseBuilder@23@@Z
?formatNodeList@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@AEBVFormatOptions@23@PEBVBaseBuilder@23@PEBVBaseNode@23@3@Z
?formatOperand@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@PEBVBaseEmitter@23@W4Arch@23@AEBUOperand_@23@@Z
?formatRegister@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4FormatFlags@23@PEBVBaseEmitter@23@W4Arch@23@W4RegType@23@I@Z
?formatTypeId@Formatter@_abi_1_10@asmjit@@YAIAEAVString@23@W4TypeId@23@@Z
?getTickCount@OSUtils@_abi_1_10@asmjit@@YAIXZ
?growBuffer@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAUCodeBuffer@23@_K@Z
?hardenedRuntimeInfo@VirtMem@_abi_1_10@asmjit@@YA?AUHardenedRuntimeInfo@123@XZ
?host@CpuInfo@_abi_1_10@asmjit@@SAAEBV123@XZ
?info@VirtMem@_abi_1_10@asmjit@@YA?AUInfo@123@XZ
?init@CallConv@_abi_1_10@asmjit@@QEAAIW4CallConvId@23@AEBVEnvironment@23@@Z
?init@CodeHolder@_abi_1_10@asmjit@@QEAAIAEBVEnvironment@23@AEBVCpuFeatures@23@_K@Z
?init@CodeHolder@_abi_1_10@asmjit@@QEAAIAEBVEnvironment@23@_K@Z
?init@FuncDetail@_abi_1_10@asmjit@@QEAAIAEBUFuncSignature@23@AEBVEnvironment@23@@Z
?init@FuncFrame@_abi_1_10@asmjit@@QEAAIAEBVFuncDetail@23@@Z
?instIdToString@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@IAEAVString@23@@Z
?isLabelValid@BaseEmitter@_abi_1_10@asmjit@@QEBA_NI@Z
?labelByName@BaseEmitter@_abi_1_10@asmjit@@QEAA?AVLabel@23@PEBD_KI@Z
?labelIdByName@CodeHolder@_abi_1_10@asmjit@@QEAAIPEBD_KI@Z
?labelNodeOf@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVLabelNode@23@I@Z
?logf@Logger@_abi_1_10@asmjit@@QEAAIPEBDZZ
?logv@Logger@_abi_1_10@asmjit@@QEAAIPEBDPEAD@Z
?newAlignNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVAlignNode@23@W4AlignMode@23@I@Z
?newCommentNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVCommentNode@23@PEBD_K@Z
?newConstPoolNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVConstPoolNode@23@@Z
?newEmbedDataNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVEmbedDataNode@23@W4TypeId@23@PEBX_K3@Z
?newFuncNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVFuncNode@23@AEBUFuncSignature@23@@Z
?newFuncRetNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVFuncRetNode@23@AEBUOperand_@23@1@Z
?newInstNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVInstNode@23@IW4InstOptions@23@I@Z
?newInvokeNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVInvokeNode@23@IAEBUOperand_@23@AEBUFuncSignature@23@@Z
?newJumpAnnotation@BaseCompiler@_abi_1_10@asmjit@@QEAAPEAVJumpAnnotation@23@XZ
?newJumpNode@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVJumpNode@23@IW4InstOptions@23@AEBUOperand_@23@PEAVJumpAnnotation@23@@Z
?newLabel@BaseAssembler@_abi_1_10@asmjit@@UEAA?AVLabel@23@XZ
?newLabel@BaseBuilder@_abi_1_10@asmjit@@UEAA?AVLabel@23@XZ
?newLabelEntry@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAPEAVLabelEntry@23@@Z
?newLabelLink@CodeHolder@_abi_1_10@asmjit@@QEAAPEAULabelLink@23@PEAVLabelEntry@23@I_K_JAEBUOffsetFormat@23@@Z
?newLabelNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVLabelNode@23@@Z
?newNamedLabel@BaseAssembler@_abi_1_10@asmjit@@UEAA?AVLabel@23@PEBD_KW4LabelType@23@I@Z
?newNamedLabel@BaseBuilder@_abi_1_10@asmjit@@UEAA?AVLabel@23@PEBD_KW4LabelType@23@I@Z
?newNamedLabelEntry@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAPEAVLabelEntry@23@PEBD_KW4LabelType@23@I@Z
?newRelocEntry@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAPEAURelocEntry@23@W4RelocType@23@@Z
?newSection@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAPEAVSection@23@PEBD_KW4SectionFlags@23@IH@Z
?newVirtReg@BaseCompiler@_abi_1_10@asmjit@@QEAAIPEAPEAVVirtReg@23@W4TypeId@23@UOperandSignature@23@PEBD@Z
?onAttach@Assembler@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@Assembler@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onAttach@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onAttach@BaseCompiler@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onAttach@Builder@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@Builder@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@Compiler@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onAttach@Compiler@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Assembler@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Assembler@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onDetach@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onDetach@BaseCompiler@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@23@@Z
?onDetach@Builder@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Builder@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Compiler@a64@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onDetach@Compiler@x86@_abi_1_10@asmjit@@UEAAIPEAVCodeHolder@34@@Z
?onSettingsUpdated@BaseEmitter@_abi_1_10@asmjit@@UEAAXXZ
?padEnd@String@_abi_1_10@asmjit@@QEAAI_KD@Z
?passByName@BaseBuilder@_abi_1_10@asmjit@@QEBAPEAVPass@23@PEBD@Z
?prepare@String@_abi_1_10@asmjit@@QEAAPEADW4ModifyOp@123@_K@Z
?protect@VirtMem@_abi_1_10@asmjit@@YAIPEAX_KW4MemoryFlags@123@@Z
?protectJitMemory@VirtMem@_abi_1_10@asmjit@@YAXW4ProtectJitAccess@123@@Z
?query@JitAllocator@_abi_1_10@asmjit@@QEBAIPEAXPEAPEAX1PEA_K@Z
?queryFeatures@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@AEBVBaseInst@23@PEBUOperand_@23@_KPEAVCpuFeatures@23@@Z
?queryRWInfo@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@AEBVBaseInst@23@PEBUOperand_@23@_KPEAUInstRWInfo@23@@Z
?registerLabelNode@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAVLabelNode@23@@Z
?release@JitAllocator@_abi_1_10@asmjit@@QEAAIPEAX@Z
?release@VirtMem@_abi_1_10@asmjit@@YAIPEAX_K@Z
?releaseDualMapping@VirtMem@_abi_1_10@asmjit@@YAIPEAUDualMapping@123@_K@Z
?relocateToBase@CodeHolder@_abi_1_10@asmjit@@QEAAI_K@Z
?removeNode@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@@Z
?removeNodes@BaseBuilder@_abi_1_10@asmjit@@QEAAXPEAVBaseNode@23@0@Z
?rename@BaseCompiler@_abi_1_10@asmjit@@QEAAXAEBVBaseReg@23@PEBDZZ
?reportError@BaseEmitter@_abi_1_10@asmjit@@QEAAIIPEBD@Z
?reserveBuffer@CodeHolder@_abi_1_10@asmjit@@QEAAIPEAUCodeBuffer@23@_K@Z
?reset@CodeHolder@_abi_1_10@asmjit@@QEAAXW4ResetPolicy@23@@Z
?reset@ConstPool@_abi_1_10@asmjit@@QEAAXPEAVZone@23@@Z
?reset@JitAllocator@_abi_1_10@asmjit@@QEAAXW4ResetPolicy@23@@Z
?reset@String@_abi_1_10@asmjit@@QEAAIXZ
?reset@Zone@_abi_1_10@asmjit@@QEAAXW4ResetPolicy@23@@Z
?reset@ZoneAllocator@_abi_1_10@asmjit@@QEAAXPEAVZone@23@@Z
?resolveUnresolvedLinks@CodeHolder@_abi_1_10@asmjit@@QEAAIXZ
?run@FuncPass@_abi_1_10@asmjit@@UEAAIPEAVZone@23@PEAVLogger@23@@Z
?runPasses@BaseBuilder@_abi_1_10@asmjit@@QEAAIXZ
?section@BaseAssembler@_abi_1_10@asmjit@@UEAAIPEAVSection@23@@Z
?section@BaseBuilder@_abi_1_10@asmjit@@UEAAIPEAVSection@23@@Z
?sectionByName@CodeHolder@_abi_1_10@asmjit@@QEBAPEAVSection@23@PEBD_K@Z
?sectionNodeOf@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAPEAVSectionNode@23@I@Z
?serializeTo@BaseBuilder@_abi_1_10@asmjit@@QEAAIPEAVBaseEmitter@23@@Z
?setCursor@BaseBuilder@_abi_1_10@asmjit@@QEAAPEAVBaseNode@23@PEAV423@@Z
?setErrorHandler@BaseEmitter@_abi_1_10@asmjit@@QEAAXPEAVErrorHandler@23@@Z
?setErrorHandler@CodeHolder@_abi_1_10@asmjit@@QEAAXPEAVErrorHandler@23@@Z
?setLogger@BaseEmitter@_abi_1_10@asmjit@@QEAAXPEAVLogger@23@@Z
?setLogger@CodeHolder@_abi_1_10@asmjit@@QEAAXPEAVLogger@23@@Z
?setOffset@BaseAssembler@_abi_1_10@asmjit@@QEAAI_K@Z
?setStackSize@BaseCompiler@_abi_1_10@asmjit@@QEAAIIII@Z
?sformat@Zone@_abi_1_10@asmjit@@QEAAPEADPEBDZZ
?shrink@JitAllocator@_abi_1_10@asmjit@@QEAAIPEAX_K@Z
?stackAlignment@Environment@_abi_1_10@asmjit@@QEBAIXZ
?statistics@JitAllocator@_abi_1_10@asmjit@@QEBA?AUStatistics@123@XZ
?stringToInstId@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@PEBD_K@Z
?truncate@String@_abi_1_10@asmjit@@QEAAI_K@Z
?typeIdToRegSignature@ArchUtils@_abi_1_10@asmjit@@YAIW4Arch@23@W4TypeId@23@PEAW4523@PEAUOperandSignature@23@@Z
?updateFuncFrame@FuncArgsAssignment@_abi_1_10@asmjit@@QEBAIAEAVFuncFrame@23@@Z
?updateSectionLinks@BaseBuilder@_abi_1_10@asmjit@@QEAAXXZ
?validate@InstAPI@_abi_1_10@asmjit@@YAIW4Arch@23@AEBVBaseInst@23@PEBUOperand_@23@_KW4ValidationFlags@23@@Z

Sections

Size: 1.1MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 209KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 210KB - Virtual size: 884KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 68KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 1.1MB - Virtual size: 2.5MB

Size: 209KB - Virtual size: 501KB

Size: 210KB - Virtual size: 884KB

Size: 68KB - Virtual size: 127KB

Size: 512B - Virtual size: 488B

Size: 3KB - Virtual size: 12KB

.edata Size: 21KB - Virtual size: 21KB

.idata Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 8.0MB

.boot Size: 5.2MB - Virtual size: 5.2MB

.reloc Size: 16B - Virtual size: 4KB

.edata
Size: 21KB - Virtual size: 21KB

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 8.0MB

.boot
Size: 5.2MB - Virtual size: 5.2MB

.reloc
Size: 16B - Virtual size: 4KB