fd6054f87feb42bfb7d938eb6c408136dc463e5e6a1c35c8b1e5398f9e6d5d71

Sharing

Copy URL Twitter E-mail

General

Target

fd6054f87feb42bfb7d938eb6c408136dc463e5e6a1c35c8b1e5398f9e6d5d71
Size

10.2MB
MD5

a03051a5ca62717e6f4c7aac0066ec5a
SHA1

4a371cc63ee0753fef42e7bcc33bfea1e07c12e3
SHA256

fd6054f87feb42bfb7d938eb6c408136dc463e5e6a1c35c8b1e5398f9e6d5d71
SHA512

f43892de2ac0675a38ed0b2cfb47030f962d3890a182f3171e7969192b19bf648385b7ec36739eda62ce2b3733c454a634258cf999958ecb86cdfd425fb68c40
SSDEEP

196608:Vc/2ivvi/ANfTORt6NwHSjuj5wQwN+OlILZ/9J:Vc/2iS/ANfTORt6+guj5wQwNvI

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd6054f87feb42bfb7d938eb6c408136dc463e5e6a1c35c8b1e5398f9e6d5d71

Files

fd6054f87feb42bfb7d938eb6c408136dc463e5e6a1c35c8b1e5398f9e6d5d71
.dll windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GameshieldManager_GetUniqueID
GameshieldManager_Start
GameshieldManager_Stop
GameshieldManager_TryGetDynamicIP
GameshieldManager_TryGetLocalIP
GameshieldManager_TryTestConnectivity
OpenDebug
QND_Start_WithFile
Reload

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 745KB - Virtual size: 752KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size:

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 745KB - Virtual size: 752KB

.data Size: 62KB - Virtual size: 84KB

Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 145KB - Virtual size: 148KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 17KB - Virtual size: 20KB

.themida Size: 3.3MB - Virtual size: 3.3MB

.boot Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: - Virtual size:

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 745KB - Virtual size: 752KB

.data
Size: 62KB - Virtual size: 84KB

.reloc
Size: 145KB - Virtual size: 148KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 17KB - Virtual size: 20KB

.themida
Size: 3.3MB - Virtual size: 3.3MB

.boot
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: - Virtual size: