payload[.]data[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

payload.data.zip
Size

9.3MB
MD5

3e01b7b439242a944ed526dd918744d4
SHA1

eac2ebde90c76ae1d75c74fc43e58e848926bda3
SHA256

d234f112fbd04a034283726da24dc26a4448f674db20e5a95c770719e7187136
SHA512

3e03b08e6c57d21d89b53ec79d52d3c581d579832ebfb6c19738949f34e9b3500469b8631e272aaf2d4d44c6d693f9757b31559387b28e8e537bb4669f29749c
SSDEEP

196608:2+QWPrlZu9O4jv79n+Ccz5LmJCFaMZWj11Ptbg6txZRUKj:pPrlAgO+C8YQFR8PBgihUKj

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/pipvhzbflk.olu	themida

Files

payload.data.zip
.zip
jtxroj0h27fi1r56uuu
pipvhzbflk.olu
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
r395uie2snab2a10w

Sections

Size: 1.6MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 120KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 38KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 187B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 209KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 48KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 10.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
yy3xk2gaqh4ji4t0x0lzsss
.exe windows x86

843075fba28109153465b53d9d36a319

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
recv
socket
getservbyname
WSASetLastError
WSAAsyncSelect
closesocket
gethostbyaddr
gethostbyname
send
getservbyport
gethostname
inet_ntoa
connect
inet_addr
WSAStartup
ioctlsocket
htonl
WSAGetLastError
htons
ntohs
shutdown

winmm

waveOutGetVolume
mixerGetLineInfoW
mixerSetControlDetails
mixerGetControlDetailsW
mixerGetLineControlsW
mixerGetDevCapsW
waveOutSetVolume
mixerClose
mixerOpen
mciSendStringW
joyGetDevCapsW
joyGetPosEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

ImageList_GetIconSize
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ImageList_ReplaceIcon
CreateStatusWindowW
InitCommonControlsEx

psapi

GetModuleBaseNameW
GetModuleFileNameExW

wininet

InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetReadFileExA
InternetOpenW

kernel32

GlobalFree
GlobalUnlock
GetEnvironmentVariableW
FreeLibrary
WideCharToMultiByte
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
GetCurrentThreadId
lstrcmpiW
GetStringTypeExW
CreateThread
SetThreadPriority
GetExitCodeThread
CloseHandle
CreateMutexW
GetLastError
LoadLibraryW
GetModuleHandleW
GetVersionExW
DeleteCriticalSection
GetModuleFileNameW
GetFileAttributesW
GetFullPathNameW
GetSystemTimeAsFileTime
LoadResource
LockResource
SizeofResource
GetShortPathNameW
FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableW
Beep
MoveFileW
OutputDebugStringW
CreateProcessW
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
GlobalAlloc
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceExW
SetVolumeLabelW
CreateFileW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceW
GetCurrentDirectoryW
CreateDirectoryW
ReadFile
WriteFile
DeleteFileW
CopyFileW
SetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetSystemWindowsDirectoryW
GetTempPathW
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceW
CompareStringW
RemoveDirectoryW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
GlobalSize
GlobalLock
FindResourceW
SetErrorMode
InitializeCriticalSection
GetCPInfo
SetCurrentDirectoryW
Sleep
GetTickCount
MulDiv
ExitProcess
HeapSize
HeapQueryInformation
GetCommandLineW
HeapSetInformation
GetStartupInfoW
InterlockedIncrement
InterlockedDecrement
HeapAlloc
HeapFree
HeapReAlloc
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStringTypeW
HeapCreate
InitializeCriticalSectionAndSpinCount
RaiseException
SetHandleCount
IsProcessorFeaturePresent
LCMapStringW
RtlUnwind
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
SetFilePointer
WriteConsoleW
SetStdHandle
GetProcessHeap
SetLastError
VirtualQuery

user32

SetFocus
SetWindowRgn
SetWindowPos
SetLayeredWindowAttributes
InvalidateRect
EnableWindow
GetWindowTextLengthW
EnumWindows
IsZoomed
IsIconic
EnumDisplayMonitors
RegisterWindowMessageW
GetSysColor
GetSysColorBrush
DrawIconEx
FillRect
DefWindowProcW
SetForegroundWindow
DialogBoxParamW
SendDlgItemMessageW
GetDlgItem
SetDlgItemTextW
MessageBeep
GetCursorInfo
GetLastInputInfo
GetSystemMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringW
ExitWindowsEx
SetMenu
FlashWindow
GetPropW
SetPropW
RemovePropW
MapWindowPoints
RedrawWindow
SetParent
GetClassInfoExW
DefDlgProcW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongW
CallWindowProcW
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamW
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoW
IsMenu
GetMenuItemInfoW
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuW
DestroyMenu
TrackPopupMenuEx
CopyImage
SetActiveWindow
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
GetTopWindow
GetQueueStatus
LoadImageW
ChangeClipboardChain
IsWindowVisible
LoadAcceleratorsW
EnableMenuItem
GetMenu
CreateWindowExW
RegisterClassExW
LoadCursorW
DestroyIcon
DestroyWindow
IsCharAlphaW
MapVirtualKeyW
VkKeyScanExW
MapVirtualKeyExW
GetKeyboardLayoutNameW
ActivateKeyboardLayout
GetGUIThreadInfo
GetWindowTextW
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
PostQuitMessage
SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharAlphaNumericW
IsCharUpperW
IsCharLowerW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
GetDC
MessageBoxW
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
ShowWindow
CountClipboardFormats
ClientToScreen
EnumChildWindows
MoveWindow
GetWindowRect
GetMonitorInfoW
MonitorFromPoint
GetClientRect
SystemParametersInfoW
AdjustWindowRectEx
DrawTextW
SetRect
GetIconInfo
CreateIconIndirect
SetWindowTextW
SetWindowLongW
ScreenToClient
IsDialogMessageW
SendMessageW
IsWindowEnabled
GetWindowLongW
GetKeyState
TranslateAcceleratorW
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
CharUpperW
IsClipboardFormatAvailable
BlockInput
SetClipboardViewer
CheckMenuItem
RegisterHotKey

gdi32

GdiFlush
CreateDIBSection
EnumFontFamiliesExW
SetBrushOrgEx
SetBkColor
GetPixel
BitBlt
CreatePatternBrush
SetBkMode
GetCharABCWidthsW
GetClipBox
FillRgn
GetClipRgn
ExcludeClipRect
GetDeviceCaps
DeleteObject
CreateFontW
CreateSolidBrush
CreateCompatibleBitmap
GetSystemPaletteEntries
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectObject
GetStockObject
CreateDCW
SetTextColor

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

advapi32

GetUserNameW
LockServiceDatabase
OpenSCManagerW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
RegConnectRegistryW
UnlockServiceDatabase

shell32

DragQueryPoint
SHEmptyRecycleBinW
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
DragQueryFileW
ExtractIconW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayDestroy
GetActiveObject
SysStringLen
SysFreeString
SafeArrayCreate
VariantClear
VariantChangeType
SysAllocString
SafeArrayCopy
VariantCopyInd
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim

Sections

.text
Size: 685KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: 1.6MB - Virtual size: 4.5MB

Size: 7KB - Virtual size: 14KB

Size: 120KB - Virtual size: 182KB

.bss Size: - Virtual size: 38KB

Size: 1KB - Virtual size: 15KB

Size: 1KB - Virtual size: 2KB

Size: 512B - Virtual size: 187B

Size: 512B - Virtual size: 69B

Size: 209KB - Virtual size: 373KB

Size: 48KB - Virtual size: 227KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.themida Size: - Virtual size: 10.7MB

.boot Size: 7.1MB - Virtual size: 7.1MB

843075fba28109153465b53d9d36a319

Headers

File Characteristics

Imports

wsock32

winmm

version

comctl32

psapi

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 685KB - Virtual size: 684KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 13KB - Virtual size: 36KB

.rsrc Size: 38KB - Virtual size: 37KB

.bss
Size: - Virtual size: 38KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.themida
Size: - Virtual size: 10.7MB

.boot
Size: 7.1MB - Virtual size: 7.1MB

.text
Size: 685KB - Virtual size: 684KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 13KB - Virtual size: 36KB

.rsrc
Size: 38KB - Virtual size: 37KB