3bcb0dcf3955b88244a0780bf3a72d11015f591492f6dc88ab1c149cb41c873c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3bcb0dcf3955b88244a0780bf3a72d11015f591492f6dc88ab1c149cb41c873c
Size

1.4MB
MD5

0e6657e262e7727ff8365020669d2da5
SHA1

e20cd4c45ff0cfdfbb1e540b8d09f310d0080df2
SHA256

3bcb0dcf3955b88244a0780bf3a72d11015f591492f6dc88ab1c149cb41c873c
SHA512

1d3c21ec7bfd908e6c3474d6a810e862e9c49c0c469e18c1f941fa3fdc18481f10d5332f7b67a3ac8682ff455a0eefc6dcec35551d54510830442c7c2fae5143
SSDEEP

24576:NsskrEfwuuA/2OIDa4PIidS94FqtNRpEKJEPZFfguNqMIuxjowdy/RrARthQsUsd:p4ascdIOridFcyKW3rFv4ohQZsOq

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bcb0dcf3955b88244a0780bf3a72d11015f591492f6dc88ab1c149cb41c873c

Files

3bcb0dcf3955b88244a0780bf3a72d11015f591492f6dc88ab1c149cb41c873c
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

@@Csocket@Finalize
@@Csocket@Initialize
@@Ffrmbot@Finalize
@@Ffrmbot@Initialize
@@Ffrmlogin@Finalize
@@Ffrmlogin@Initialize
@@Main@Finalize
@@Main@Initialize
___CPPdebugHook
_dlgAddition
_dlgCZ
_dlgParty
_frmBot
_frmLogin

Sections

Size: 726KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 716KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE