ProtonVPN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ProtonVPN.exe
Size

7.3MB
MD5

f96a8e7ea02644c467123edc530f0980
SHA1

7a6c2a5100f3252db27d9c96a0b964acbd836def
SHA256

51dd593160a054cb0f10a011e7212c30ce12cf75fbb08f6fe537597892c9a6a2
SHA512

584bd9e7465fcc7df7c1b4f7d81dfbc765aa6e59c0d5009aac83c4eef2b2412658b7019faee0ab422cb845212a299d9807fa1434975650c562c40ca44dc1fec9
SSDEEP

98304:WVvUdY4UYgZr9ul7IoT7Yhv1rVpf81nIl13Tl60ctb0mOnfu/000TWeTWR:WVlOgZJuq5nfqUVABEfuz0TWeTWR

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

ProtonVPN.exe
.exe windows x86

e40757489f9bf9a0a0c1e0329f45b1df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

GetUserNameW

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

Size: 17KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 523KB - Virtual size: 522KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 971KB - Virtual size: 971KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

zip0
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

zip1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 436KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e40757489f9bf9a0a0c1e0329f45b1df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

Sections

Size: 17KB - Virtual size: 41KB

Size: 3KB - Virtual size: 6KB

Size: 512B - Virtual size: 5KB

Size: 4KB - Virtual size: 5KB

Size: 523KB - Virtual size: 522KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 2.1MB

.boot Size: 971KB - Virtual size: 971KB

Size: 1KB - Virtual size: 1KB

zip0 Size: 1.5MB - Virtual size: 1.5MB

zip1 Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 436KB - Virtual size: 436KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 2.1MB

.boot
Size: 971KB - Virtual size: 971KB

zip0
Size: 1.5MB - Virtual size: 1.5MB

zip1
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 436KB - Virtual size: 436KB