cbecc6a7b633f72c9edfa08e394d893f68ff73b32e60955234f920d141529701

Sharing

Copy URL

Twitter E-mail

General

Target

cbecc6a7b633f72c9edfa08e394d893f68ff73b32e60955234f920d141529701
Size

3.6MB
MD5

e134a2ba494c8b6fd3234fbdd410a333
SHA1

56738f2fef4c090b68c4aed5fb9ab42c5ab4d63c
SHA256

cbecc6a7b633f72c9edfa08e394d893f68ff73b32e60955234f920d141529701
SHA512

2f5a7989cb37757151ecea58a43a82828be9ad35631c2029fd119c9c4cd44c7131317accdf4972dec22ff363e79097d2765e1bbd13b07a2912974ba8f8997a05
SSDEEP

98304:seHguQzSvxF+zqk2PhA/F+nsyVcCE9M2jqjhVY:vyzSfoq9PvYmcChVY

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
cbecc6a7b633f72c9edfa08e394d893f68ff73b32e60955234f920d141529701

Files

cbecc6a7b633f72c9edfa08e394d893f68ff73b32e60955234f920d141529701
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

GetDllInfo
UDV_ChangePassword
UDV_ClearPWS_ProtectHidden
UDV_CloseAPI
UDV_CloseContinuousAccess
UDV_CloseLockedCDROM
UDV_DisablePWS_ProtectHidden
UDV_DisablePassword
UDV_Force_to_Enable_HID_Channel
UDV_FormatPartition
UDV_GetDeviceInfo
UDV_GetInquiryRevision
UDV_GetStatus
UDV_GetUnitSize
UDV_GetWriteProtect
UDV_GetWriteProtect_Temporarily
UDV_Get_Current_Number_of_Attempts_ProtectHidden
UDV_Get_ExtraLED_Status
UDV_Get_HIDVID_HIDPID
UDV_InitAPI
UDV_ListTokens
UDV_LockCDROM
UDV_Login
UDV_Logout
UDV_MacCloseDevice
UDV_MacOpenDevice
UDV_Make_CDKey
UDV_OpenContinuousAccess
UDV_OpenLockedCDROM
UDV_ReadBlockCDROM
UDV_ReadHiddenArea
UDV_ReadProtectHidden
UDV_ReadSectorFromPartition_Multi
UDV_ReadSectorFromPartition_SCSI
UDV_ResetPassword
UDV_ResizeCDPartition
UDV_ResizeCDPartition_M31
UDV_ResizePartition
UDV_ResizePartition_M37M38
UDV_SetDevice_MediaChanged
UDV_SetInquiryRevision
UDV_SetPID
UDV_SetPWS_ProtectHidden
UDV_SetPassword
UDV_SetProductionName
UDV_SetSerialNumber
UDV_SetVID
UDV_SetVendorName
UDV_SetWriteProtect
UDV_SetWriteProtect_Temporarily
UDV_Set_ExtraLED_Status
UDV_UnlockCDROM
UDV_UpdateDeviceString
UDV_WriteBlockCDROM
UDV_WriteHiddenArea
UDV_WriteProtectHidden
UDV_WriteSectorToPartition_Multi
UDV_isHID
UDV_isReady_HIDmode

Sections

Size: 124KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 42KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 124KB - Virtual size: 289KB

Size: 42KB - Virtual size: 77KB

Size: 8KB - Virtual size: 240KB

Size: 6KB - Virtual size: 11KB

Size: 1024B - Virtual size: 1KB

Size: 1024B - Virtual size: 2KB

.edata Size: 2KB - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 5.7MB

.boot Size: 3.4MB - Virtual size: 3.4MB

.edata
Size: 2KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 5.7MB

.boot
Size: 3.4MB - Virtual size: 3.4MB