CHAPRI VIP[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

CHAPRI VIP.zip
Size

6.9MB
MD5

67e8324732b67d3a75c018ee2de905bc
SHA1

0c212470c11698aa9b058a52647ed8d1579c3297
SHA256

28b2f01f3a334d1a2e559bdf6dde1327311b1047b20b8ceba7457fd6d7104d9d
SHA512

920ce06eeadc20522e08e0a09f07a943ca2ab421122217ed9253a361282c7e87403788673d14d2733195c51c58d3b7600e66f8927202a1eaad2567d21b00f1a5
SSDEEP

196608:4+7eoIiMJHk3wYklX3I/f1WZUkmQvAwmtFNo1FqD:4nhf1Yk14/9WMQvA9tuID

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/EO_MAX_Cracked by EhliBeytTEAM.exe	themida

Files

CHAPRI VIP.zip
.zip
EO_MAX.exe
.exe windows x64

3f5d652a856c384b65c94c4e952937c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

accept
WSACleanup
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSASetLastError
shutdown
select
__WSAFDIsSet
inet_pton
WSAStartup
closesocket
getnameinfo
gethostname
sendto
recvfrom
ntohl
freeaddrinfo
getaddrinfo
ioctlsocket
listen
htonl
socket
send
recv
WSAGetLastError

wldap32

ord211
ord46
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord143
ord200
ord301
ord45

crypt32

CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore

kernel32

ReadProcessMemory
WideCharToMultiByte
ReadFile
WriteFile
PeekNamedPipe
CreateFileW
GetLastError
CloseHandle
GetCurrentProcessId
WaitNamedPipeW
lstrlenW
GetModuleFileNameW
MultiByteToWideChar
OutputDebugStringA
ExitProcess
GetModuleFileNameA
SizeofResource
WriteProcessMemory
HeapFree
GetCurrentProcess
InitializeCriticalSectionEx
OpenProcess
HeapSize
Sleep
GetTickCount64
LockResource
HeapReAlloc
LoadResource
FindResourceW
HeapAlloc
VirtualProtectEx
DecodePointer
HeapDestroy
LocalFree
DeleteCriticalSection
GetProcessHeap
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetModuleHandleA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
GetCurrentDirectoryA
CreateFileA
FreeConsole
CreateThread
FindResourceExW
VirtualAllocEx
VirtualFreeEx
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualQueryEx
SetLastError
FormatMessageA
GetTickCount
EnterCriticalSection
VirtualAlloc
SleepEx
FreeLibraryAndExitThread
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetFileType
WaitForMultipleObjects
LoadLibraryExW
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
RtlVirtualUnwind
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
FormatMessageW
GetModuleHandleW
GetSystemTimeAsFileTime
SwitchToFiber
DeleteFiber
CreateFiber
LoadLibraryW
ConvertFiberToThread
ConvertThreadToFiber
FindClose
FindFirstFileW
FindNextFileW
GetSystemTime
SystemTimeToFileTime
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
EncodePointer
GetSystemInfo
ExitThread
WriteConsoleW
GetSystemDirectoryA
RtlUnwind
LCMapStringEx
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
CreateEventW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
RtlUnwindEx
RtlPcToFileHeader
GetFileSizeEx
InterlockedPushEntrySList
VirtualProtect
VirtualQuery
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
SetConsoleCtrlHandler
GetCommandLineA
GetCommandLineW
GetConsoleOutputCP
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetFileAttributesExW
SetStdHandle
DeleteFileW
GetCurrentDirectoryW
GetFullPathNameW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
LeaveCriticalSection
SetEndOfFile
SetUnhandledExceptionFilter
RaiseException
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess

user32

GetClassNameA
DispatchMessageW
PeekMessageW
MessageBoxW
FindWindowExW
SetWindowLongW
GetWindowLongW
GetWindowTextA
EnumWindows
TranslateMessage
FindWindowW
SetForegroundWindow
IsIconic
GetWindowTextW
GetKeyState
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
LoadCursorW
GetProcessWindowStation
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
SetWindowPos
GetSystemMetrics
SetWindowDisplayAffinity
MessageBoxA
GetForegroundWindow
GetDesktopWindow
GetCursorPos
DefWindowProcW
GetWindowRect
CreateWindowExW
RegisterClassExW
ShowWindow
MoveWindow
SetLayeredWindowAttributes
GetAsyncKeyState
mouse_event
GetUserObjectInformationW
SetCapture

advapi32

CloseServiceHandle
RegOpenKeyExW
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CopySid
IsValidSid
OpenProcessToken
ConvertSidToStringSidW
GetLengthSid
GetTokenInformation
CreateServiceA
RegSetValueExW
OpenSCManagerA
DeleteService
ChangeServiceConfigA
ControlService
StartServiceA
OpenServiceA
RegCloseKey
RegCreateKeyExW
RegQueryValueExW

shell32

ShellExecuteA
ShellExecuteW

dwmapi

DwmExtendFrameIntoClientArea

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

d3dx11_43

D3DX11CompileFromMemory
D3DX11CreateShaderResourceViewFromMemory

bcrypt

BCryptGenRandom

userenv

UnloadUserProfile

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

urlmon

URLDownloadToFileW

imm32

ImmAssociateContextEx
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

wininet

InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 445KB - Virtual size: 702KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EO_MAX_Cracked by EhliBeytTEAM.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 12KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 539B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f5d652a856c384b65c94c4e952937c6

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

crypt32

kernel32

user32

advapi32

shell32

dwmapi

d3d11

d3dcompiler_43

d3dx11_43

bcrypt

userenv

rpcrt4

urlmon

imm32

wininet

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 445KB - Virtual size: 702KB

.pdata Size: 156KB - Virtual size: 155KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 120KB - Virtual size: 119KB

.reloc Size: 32KB - Virtual size: 31KB

Headers

DLL Characteristics

File Characteristics

Sections

Size: 12KB - Virtual size: 32KB

Size: 539B - Virtual size: 1KB

.imports Size: 512B - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 8KB

.themida Size: - Virtual size: 7.0MB

.boot Size: 4.1MB - Virtual size: 4.1MB

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 445KB - Virtual size: 702KB

.pdata
Size: 156KB - Virtual size: 155KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 120KB - Virtual size: 119KB

.reloc
Size: 32KB - Virtual size: 31KB

.imports
Size: 512B - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 8KB

.themida
Size: - Virtual size: 7.0MB

.boot
Size: 4.1MB - Virtual size: 4.1MB