ProtonVPN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ProtonVPN.exe
Size

4.9MB
MD5

276c47b472bf4b484550f3374ebaa3ff
SHA1

cfa89a1e522fe28ba348cb59fdbee86fd5090a3a
SHA256

a3ffce2c30826db918138848ca304b83bad43eea1f3ecd9ced492ac9cfcc3ef7
SHA512

ccd4815647dcd7c4c7a39a721106595877d9e8ad21e25aa17db67bbe9fa079bc349e886b330eea5eb4782624e29439a49997fad475c02989b02d47ceb387d632
SSDEEP

98304:WVvUdY4UYgZr9ul7IoT7Yhv1rVpf81nIl13Tl60ctb0mOnfu/00U:WVlOgZJuq5nfqUVABEfuzU

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

ProtonVPN.exe
.exe windows x86

e40757489f9bf9a0a0c1e0329f45b1df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

GetUserNameW

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

Size: 17KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 523KB - Virtual size: 522KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 971KB - Virtual size: 971KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

zip0
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

zip1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 436KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e40757489f9bf9a0a0c1e0329f45b1df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

Sections

Size: 17KB - Virtual size: 41KB

Size: 3KB - Virtual size: 6KB

Size: 512B - Virtual size: 5KB

Size: 4KB - Virtual size: 5KB

Size: 523KB - Virtual size: 522KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 2.1MB

.boot Size: 971KB - Virtual size: 971KB

Size: 1KB - Virtual size: 1KB

zip0 Size: 1.5MB - Virtual size: 1.5MB

zip1 Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 436KB - Virtual size: 436KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 2.1MB

.boot
Size: 971KB - Virtual size: 971KB

zip0
Size: 1.5MB - Virtual size: 1.5MB

zip1
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 436KB - Virtual size: 436KB