0cb08c9b3677a1edc4101a87464089f07aa8a9e0eb1259f62ea378c3cafd8cbd

Sharing

Copy URL Twitter E-mail

General

Target

0cb08c9b3677a1edc4101a87464089f07aa8a9e0eb1259f62ea378c3cafd8cbd
Size

15.1MB
MD5

dcf942daa48c633394caf6be02003b4e
SHA1

f77a769939631026086e33b4ed1a5f2a7a774991
SHA256

0cb08c9b3677a1edc4101a87464089f07aa8a9e0eb1259f62ea378c3cafd8cbd
SHA512

2605c8f22a31500197679c9c542f37899ed242bd144bf6f6b587eeeada796499d7ae21cc0d830d927560e4ff3036b65f58f3710bf66dd0166f2a09a8af325e28
SSDEEP

393216:WSKSPJT3MU21zAhYZZx7pZgC5krdGE3Kk+vay4nzmyMf:VJT38zNZ+qkrj5+vOG

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cb08c9b3677a1edc4101a87464089f07aa8a9e0eb1259f62ea378c3cafd8cbd

Files

0cb08c9b3677a1edc4101a87464089f07aa8a9e0eb1259f62ea378c3cafd8cbd
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

??0FFTRealWrapper@@QEAA@XZ
??1FFTRealWrapper@@QEAA@XZ
?calculateFFT@FFTRealWrapper@@QEAAXQEAMQEBM@Z
QRcode_APIVersion
QRcode_APIVersionString
QRcode_List_free
QRcode_List_size
QRcode_clearCache
QRcode_encodeData
QRcode_encodeDataMQR
QRcode_encodeDataStructured
QRcode_encodeInput
QRcode_encodeInputStructured
QRcode_encodeString
QRcode_encodeString8bit
QRcode_encodeString8bitMQR
QRcode_encodeString8bitStructured
QRcode_encodeStringMQR
QRcode_encodeStringStructured
QRcode_free
QRinput_Struct_appendInput
QRinput_Struct_free
QRinput_Struct_insertStructuredAppendHeaders
QRinput_Struct_new
QRinput_Struct_setParity
QRinput_append
QRinput_appendECIheader
QRinput_check
QRinput_free
QRinput_getErrorCorrectionLevel
QRinput_getVersion
QRinput_new
QRinput_new2
QRinput_newMQR
QRinput_setErrorCorrectionLevel
QRinput_setFNC1First
QRinput_setFNC1Second
QRinput_setVersion
QRinput_setVersionAndErrorCorrectionLevel
QRinput_splitQRinputToStruct
RSECC_encode
strdup

Sections

Size: 270KB - Virtual size: 915KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 10.1MB - Virtual size: 10.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 43KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 39KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 270KB - Virtual size: 915KB

Size: 10.1MB - Virtual size: 10.1MB

Size: 4KB - Virtual size: 24KB

Size: 43KB - Virtual size: 76KB

Size: 39KB - Virtual size: 424KB

Size: 1KB - Virtual size: 5KB

.edata Size: 1KB - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 424KB - Virtual size: 424KB

.themida Size: - Virtual size: 7.0MB

.boot Size: 4.2MB - Virtual size: 4.2MB

.reloc Size: 16B - Virtual size: 4KB

.edata
Size: 1KB - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 424KB - Virtual size: 424KB

.themida
Size: - Virtual size: 7.0MB

.boot
Size: 4.2MB - Virtual size: 4.2MB

.reloc
Size: 16B - Virtual size: 4KB