d203355513fd6ce4cf3fd90dfb3725948147cd2e7fecdbc9281411fb4e9c2644N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d203355513fd6ce4cf3fd90dfb3725948147cd2e7fecdbc9281411fb4e9c2644N
Size

748KB
MD5

fd5d7e6f94f9513dcaaacd4d6ce35c20
SHA1

fbc490f1eade6f5bc40a49abe73126a5bedfc48d
SHA256

d203355513fd6ce4cf3fd90dfb3725948147cd2e7fecdbc9281411fb4e9c2644
SHA512

69946511ffac9480a7f8491f0954883888a49b7c11c47f9511fdef28e34e4c8fea8a606df492956d198e779e73a99360296d8ef0e9a30f39eab5179f912aab6a
SSDEEP

12288:7iVJ5fRyAmnNMpzi0v8DjDBk3dp7+CiZz0NpnpjwnDR3hSAft:mX54NMpi0v8DhspHiZ8wnDRcAF

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d203355513fd6ce4cf3fd90dfb3725948147cd2e7fecdbc9281411fb4e9c2644N

Files

d203355513fd6ce4cf3fd90dfb3725948147cd2e7fecdbc9281411fb4e9c2644N
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_GetStatus
D3DPERF_QueryRepeatFrame
D3DPERF_SetMarker
D3DPERF_SetOptions
D3DPERF_SetRegion
Direct3DCreate9

Sections

Size: 68KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 668KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE