5eb852b035eaa21d4c83bff26b57b2928c2886e03c83bb1590019f72cb4038b9N

Sharing

Copy URL Twitter E-mail

General

Target

5eb852b035eaa21d4c83bff26b57b2928c2886e03c83bb1590019f72cb4038b9N
Size

3.7MB
MD5

2eb07e2bd95e89120937e25811149080
SHA1

69032b531cb26abe7a7f485a33d99862e8001d86
SHA256

5eb852b035eaa21d4c83bff26b57b2928c2886e03c83bb1590019f72cb4038b9
SHA512

3ae29a4e42518f87d934dd6fef3576146104f9b6b66a9bbf6696b260b2394059eb565ae1793559a8fa8997291f7f915dbfb81c632acf00dac1fb52281e13dc19
SSDEEP

98304:NVYMkDpM0zxwcuIKGpL9a6tc/lviML3g+3TlB:SpM0NFuIKGppa6tWiMDHDf

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5eb852b035eaa21d4c83bff26b57b2928c2886e03c83bb1590019f72cb4038b9N

Files

5eb852b035eaa21d4c83bff26b57b2928c2886e03c83bb1590019f72cb4038b9N
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

??$argsort@M@math@utils@ortcv@@YA?AV?$vector@IV?$allocator@I@std@@@std@@AEBV?$vector@MV?$allocator@M@std@@@4@@Z
??$argsort@M@math@utils@ortcv@@YA?AV?$vector@IV?$allocator@I@std@@@std@@PEBMI@Z
??$cosine_similarity@M@math@utils@ortcv@@YAMAEBV?$vector@MV?$allocator@M@std@@@std@@0@Z
??$softmax@M@math@utils@ortcv@@YA?AV?$vector@MV?$allocator@M@std@@@std@@AEBV34@AEAI@Z
??$softmax@M@math@utils@ortcv@@YA?AV?$vector@MV?$allocator@M@std@@@std@@PEBMIAEAI@Z
??0?$BoundingBoxType@HM@types@ortcv@@QEAA@XZ
??0?$BoundingBoxType@MM@types@ortcv@@QEAA@XZ
??0?$BoundingBoxType@NN@types@ortcv@@QEAA@XZ
??0AgeType@types@ortcv@@QEAA@XZ
??0BasicOrtHandler@core@@IEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HHI@Z
??0ColorizeContentType@types@ortcv@@QEAA@$$QEAU012@@Z
??0ColorizeContentType@types@ortcv@@QEAA@AEBU012@@Z
??0ColorizeContentType@types@ortcv@@QEAA@XZ
??0EmotionsType@types@ortcv@@QEAA@XZ
??0EulerAnglesType@types@ortcv@@QEAA@XZ
??0FaceContentType@types@ortcv@@QEAA@$$QEAU012@@Z
??0FaceContentType@types@ortcv@@QEAA@AEBU012@@Z
??0FaceContentType@types@ortcv@@QEAA@XZ
??0GenderType@types@ortcv@@QEAA@XZ
??0ImageNetContentType@types@ortcv@@QEAA@$$QEAU012@@Z
??0ImageNetContentType@types@ortcv@@QEAA@AEBU012@@Z
??0ImageNetContentType@types@ortcv@@QEAA@XZ
??0LandmarksType@types@ortcv@@QEAA@$$QEAU012@@Z
??0LandmarksType@types@ortcv@@QEAA@AEBU012@@Z
??0LandmarksType@types@ortcv@@QEAA@XZ
??0OCRContentType@types@ortcv@@QEAA@XZ
??0SegmentContentType@types@ortcv@@QEAA@$$QEAU012@@Z
??0SegmentContentType@types@ortcv@@QEAA@AEBU012@@Z
??0SegmentContentType@types@ortcv@@QEAA@XZ
??0StyleContentType@types@ortcv@@QEAA@$$QEAU012@@Z
??0StyleContentType@types@ortcv@@QEAA@AEBU012@@Z
??0StyleContentType@types@ortcv@@QEAA@XZ
??0SuperResolutionContentType@types@ortcv@@QEAA@$$QEAU012@@Z
??0SuperResolutionContentType@types@ortcv@@QEAA@AEBU012@@Z
??0SuperResolutionContentType@types@ortcv@@QEAA@XZ
??0YoloX@ortcv@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HHI@Z
??1BasicOrtHandler@core@@MEAA@XZ
??1ColorizeContentType@types@ortcv@@QEAA@XZ
??1FaceContentType@types@ortcv@@QEAA@XZ
??1ImageNetContentType@types@ortcv@@QEAA@XZ
??1LandmarksType@types@ortcv@@QEAA@XZ
??1SegmentContentType@types@ortcv@@QEAA@XZ
??1StyleContentType@types@ortcv@@QEAA@XZ
??1SuperResolutionContentType@types@ortcv@@QEAA@XZ
??1YoloX@ortcv@@UEAA@XZ
??4?$BoundingBoxType@HM@types@ortcv@@QEAAAEAU012@$$QEAU012@@Z
??4?$BoundingBoxType@HM@types@ortcv@@QEAAAEAU012@AEBU012@@Z
??4?$BoundingBoxType@MM@types@ortcv@@QEAAAEAU012@$$QEAU012@@Z
??4?$BoundingBoxType@MM@types@ortcv@@QEAAAEAU012@AEBU012@@Z
??4?$BoundingBoxType@NN@types@ortcv@@QEAAAEAU012@$$QEAU012@@Z
??4?$BoundingBoxType@NN@types@ortcv@@QEAAAEAU012@AEBU012@@Z
??4AgeType@types@ortcv@@QEAAAEAU012@$$QEAU012@@Z
??4AgeType@types@ortcv@@QEAAAEAU012@AEBU012@@Z
??4ColorizeContentType@types@ortcv@@QEAAAEAU012@$$QEAU012@@Z
??4ColorizeContentType@types@ortcv@@QEAAAEAU012@AEBU012@@Z
??4EmotionsType@types@ortcv@@QEAAAEAU012@$$QEAU012@@Z
??4EmotionsType@types@ortcv@@QEAAAEAU012@AEBU012@@Z
??4EulerAnglesType@types@ortcv@@QEAAAEAU012@$$QEAU012@@Z
??4EulerAnglesType@types@ortcv@@QEAAAEAU012@AEBU012@@Z
??4FaceContentType@types@ortcv@@QEAAAEAU012@$$QEAU012@@Z
??4FaceContentType@types@ortcv@@QEAAAEAU012@AEBU012@@Z
??4GenderType@types@ortcv@@QEAAAEAU012@$$QEAU012@@Z
??4GenderType@types@ortcv@@QEAAAEAU012@AEBU012@@Z
??4ImageNetContentType@types@ortcv@@QEAAAEAU012@$$QEAU012@@Z
??4ImageNetContentType@types@ortcv@@QEAAAEAU012@AEBU012@@Z
??4LandmarksType@types@ortcv@@QEAAAEAU012@$$QEAU012@@Z
??4LandmarksType@types@ortcv@@QEAAAEAU012@AEBU012@@Z
??4OCRContentType@types@ortcv@@QEAAAEAU012@$$QEAU012@@Z
??4OCRContentType@types@ortcv@@QEAAAEAU012@AEBU012@@Z
??4SegmentContentType@types@ortcv@@QEAAAEAU012@$$QEAU012@@Z
??4SegmentContentType@types@ortcv@@QEAAAEAU012@AEBU012@@Z
??4StyleContentType@types@ortcv@@QEAAAEAU012@$$QEAU012@@Z
??4StyleContentType@types@ortcv@@QEAAAEAU012@AEBU012@@Z
??4SuperResolutionContentType@types@ortcv@@QEAAAEAU012@$$QEAU012@@Z
??4SuperResolutionContentType@types@ortcv@@QEAAAEAU012@AEBU012@@Z
??_7BasicOrtHandler@core@@6B@
??_7YoloX@ortcv@@6B@
?__autoclassinit2@BasicOrtHandler@core@@QEAAX_K@Z
?__autoclassinit2@YoloX@ortcv@@QEAAX_K@Z
?area@?$BoundingBoxType@HM@types@ortcv@@QEBAHXZ
?area@?$BoundingBoxType@MM@types@ortcv@@QEBAMXZ
?area@?$BoundingBoxType@NN@types@ortcv@@QEBANXZ
?blending_nms@utils@ortcv@@YAXAEAV?$vector@U?$BoundingBoxType@MM@types@ortcv@@V?$allocator@U?$BoundingBoxType@MM@types@ortcv@@@std@@@std@@0MI@Z
?create_tensor@transform@utils@ortcv@@YA?AUValue@Ort@@AEBVMat@cv@@AEBV?$vector@_JV?$allocator@_J@std@@@std@@AEBUMemoryInfo@5@AEAV?$vector@MV?$allocator@M@std@@@9@I@Z
?detect@YoloX@ortcv@@QEAAXAEBVMat@cv@@AEAV?$vector@U?$BoundingBoxType@MM@types@ortcv@@V?$allocator@U?$BoundingBoxType@MM@types@ortcv@@@std@@@std@@MMII@Z
?draw_age@utils@ortcv@@YA?AVMat@cv@@AEBV34@AEAUAgeType@types@2@@Z
?draw_age_inplace@utils@ortcv@@YAXAEAVMat@cv@@AEAUAgeType@types@2@@Z
?draw_axis@utils@ortcv@@YA?AVMat@cv@@AEBV34@AEBUEulerAnglesType@types@2@MH@Z
?draw_axis_inplace@utils@ortcv@@YAXAEAVMat@cv@@AEBUEulerAnglesType@types@2@MH@Z
?draw_boxes@utils@ortcv@@YA?AVMat@cv@@AEBV34@AEBV?$vector@U?$BoundingBoxType@MM@types@ortcv@@V?$allocator@U?$BoundingBoxType@MM@types@ortcv@@@std@@@std@@@Z
?draw_boxes_inplace@utils@ortcv@@YAXAEAVMat@cv@@AEBV?$vector@U?$BoundingBoxType@MM@types@ortcv@@V?$allocator@U?$BoundingBoxType@MM@types@ortcv@@@std@@@std@@@Z
?draw_emotion@utils@ortcv@@YA?AVMat@cv@@AEBV34@AEAUEmotionsType@types@2@@Z
?draw_emotion_inplace@utils@ortcv@@YAXAEAVMat@cv@@AEAUEmotionsType@types@2@@Z
?draw_gender@utils@ortcv@@YA?AVMat@cv@@AEBV34@AEAUGenderType@types@2@@Z
?draw_gender_inplace@utils@ortcv@@YAXAEAVMat@cv@@AEAUGenderType@types@2@@Z
?draw_landmarks@utils@ortcv@@YA?AVMat@cv@@AEBV34@AEAULandmarksType@types@2@@Z
?draw_landmarks_inplace@utils@ortcv@@YAXAEAVMat@cv@@AEAULandmarksType@types@2@@Z
?generate_anchors@YoloX@ortcv@@AEAAXHHAEAV?$vector@HV?$allocator@H@std@@@std@@AEAV?$vector@UGridAndStride@ortcv@@V?$allocator@UGridAndStride@ortcv@@@std@@@4@@Z
?generate_bboxes@YoloX@ortcv@@AEAAXAEAV?$vector@U?$BoundingBoxType@MM@types@ortcv@@V?$allocator@U?$BoundingBoxType@MM@types@ortcv@@@std@@@std@@AEAV?$vector@UValue@Ort@@V?$allocator@UValue@Ort@@@std@@@4@MMM@Z
?hard_nms@utils@ortcv@@YAXAEAV?$vector@U?$BoundingBoxType@MM@types@ortcv@@V?$allocator@U?$BoundingBoxType@MM@types@ortcv@@@std@@@std@@0MI@Z
?height@?$BoundingBoxType@HM@types@ortcv@@QEBAHXZ
?height@?$BoundingBoxType@MM@types@ortcv@@QEBAMXZ
?height@?$BoundingBoxType@NN@types@ortcv@@QEBANXZ
?initialize_handler@BasicOrtHandler@core@@AEAAXXZ
?max_nms@YoloX@ortcv@@0IB
?nms@YoloX@ortcv@@AEAAXAEAV?$vector@U?$BoundingBoxType@MM@types@ortcv@@V?$allocator@U?$BoundingBoxType@MM@types@ortcv@@@std@@@std@@0MII@Z
?normalize@transform@utils@ortcv@@YA?AVMat@cv@@AEBV45@MM@Z
?normalize@transform@utils@ortcv@@YA?AVMat@cv@@AEBV45@QEBM1@Z
?normalize@transform@utils@ortcv@@YAXAEBVMat@cv@@AEAV45@MM@Z
?normalize_inplace@transform@utils@ortcv@@YAXAEAVMat@cv@@MM@Z
?normalize_inplace@transform@utils@ortcv@@YAXAEAVMat@cv@@QEBM1@Z
?offset_nms@utils@ortcv@@YAXAEAV?$vector@U?$BoundingBoxType@MM@types@ortcv@@V?$allocator@U?$BoundingBoxType@MM@types@ortcv@@@std@@@std@@0MI@Z
?print_debug_string@BasicOrtHandler@core@@AEAAXXZ
?rb@?$BoundingBoxType@HM@types@ortcv@@QEBA?AV?$Point_@H@cv@@XZ
?rb@?$BoundingBoxType@MM@types@ortcv@@QEBA?AV?$Point_@H@cv@@XZ
?rb@?$BoundingBoxType@NN@types@ortcv@@QEBA?AV?$Point_@H@cv@@XZ
?rect@?$BoundingBoxType@HM@types@ortcv@@QEBA?AV?$Rect_@H@cv@@XZ
?rect@?$BoundingBoxType@MM@types@ortcv@@QEBA?AV?$Rect_@H@cv@@XZ
?rect@?$BoundingBoxType@NN@types@ortcv@@QEBA?AV?$Rect_@H@cv@@XZ
?tl@?$BoundingBoxType@HM@types@ortcv@@QEBA?AV?$Point_@H@cv@@XZ
?tl@?$BoundingBoxType@MM@types@ortcv@@QEBA?AV?$Point_@H@cv@@XZ
?tl@?$BoundingBoxType@NN@types@ortcv@@QEBA?AV?$Point_@H@cv@@XZ
?to_string@utils@ortcv@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z
?to_wstring@utils@ortcv@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?transform@YoloX@ortcv@@EEAA?AUValue@Ort@@AEBVMat@cv@@@Z
?width@?$BoundingBoxType@HM@types@ortcv@@QEBAHXZ
?width@?$BoundingBoxType@MM@types@ortcv@@QEBAMXZ
?width@?$BoundingBoxType@NN@types@ortcv@@QEBANXZ

Sections

Size: 40KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 9KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 40KB - Virtual size: 87KB

Size: 9KB - Virtual size: 32KB

Size: 512B - Virtual size: 3KB

Size: 2KB - Virtual size: 4KB

Size: 512B - Virtual size: 480B

Size: 512B - Virtual size: 164B

.edata Size: 9KB - Virtual size: 9KB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 6.1MB

.boot Size: 3.6MB - Virtual size: 3.6MB

.edata
Size: 9KB - Virtual size: 9KB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 6.1MB

.boot
Size: 3.6MB - Virtual size: 3.6MB