dRDnjRUm7xL4BKq[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

dRDnjRUm7xL4BKq.zip
Size

3.4MB
MD5

02cc4231baa8cfc5e8432705bba479ca
SHA1

cb9450a34c44e319e81db5884412ab0cea013b7b
SHA256

99ac75b09b31d98bbfb2ab9d092f22c2df59d8fe8ab1f652bf393852b0133160
SHA512

b695935bd4bcc126e510ff564e24d8e9d183179daaf243e918f855195b897ef000534940ece7654e4ca96a8239934a07ab13668fd97eb77aee3294f179a0b1d8
SSDEEP

49152:Kbisp/M1gJZ1QHkNUguXeQfZNL9PU1S4tkVTTIie/9QVoepKBK6eoJcTa:Kb1HG6UguXeAZNhPUs4C8SVoEf6eTe

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/dRDnjRUm7xL4BKq/EzGlobal Crack.exe	themida

Files

dRDnjRUm7xL4BKq.zip
.zip
dRDnjRUm7xL4BKq/EzGlobal Crack.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 667B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 16B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
dRDnjRUm7xL4BKq/Yeni klasör/EzGlobal.exe
.exe windows x86

f3cdbc45eae66054a09cb5ebcc192d47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
GetFileAttributesExW
GetFullPathNameW
AreFileApisANSI
GetFileInformationByHandleEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
FormatMessageA
ResetEvent
WaitForSingleObjectEx
CreateDirectoryA
CreateProcessA
Beep
TerminateProcess
QueryPerformanceCounter
VerifyVersionInfoW
FreeLibrary
VerSetConditionMask
QueryPerformanceFrequency
LoadLibraryA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetCurrentProcess
Process32First
VirtualFreeEx
CreateRemoteThread
VirtualAllocEx
GetProcAddress
CloseHandle
Process32Next
CreateEventW
GetModuleHandleW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
InitializeCriticalSectionEx
SleepEx
GetSystemDirectoryA
GetTickCount
SetLastError
FormatMessageW
MoveFileExA
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
GetLastError
Sleep
CreateToolhelp32Snapshot
OpenProcess
GetModuleHandleA
Module32First
WaitForSingleObject
Module32Next
WriteProcessMemory
LocalFree

user32

SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
MessageBoxA
ReleaseDC
SetCursorPos
IsIconic
SetForegroundWindow
ReleaseCapture
RegisterClassExA
GetWindowRect
GetDesktopWindow
GetCursorPos
SetWindowLongW
DispatchMessageA
TranslateMessage
PeekMessageA
PostQuitMessage
UpdateWindow
GetWindowLongW
AdjustWindowRectEx
GetKeyState
LoadCursorA
DestroyWindow
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
ShowWindow
GetCapture
SetWindowLongA
ClientToScreen
IsChild
GetMonitorInfoA
GetForegroundWindow
SetCursor
SetCapture
BringWindowToTop
SetFocus
SetLayeredWindowAttributes
CreateWindowExA
DefWindowProcA
UnregisterClassA
GetClientRect

gdi32

GetDeviceCaps

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcp140

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
_Query_perf_frequency
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Syserror_map@std@@YAPBDH@Z
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Xbad_alloc@std@@YAXXZ
??1_Locinfo@std@@QAE@XZ

normaliz

IdnToAscii

ws2_32

getpeername
getsockname
send
WSACloseEvent
getsockopt
htons
WSACreateEvent
WSAEnumNetworkEvents
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSAEventSelect
WSAResetEvent
WSACleanup
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
gethostname
WSAWaitForMultipleEvents
connect
bind
recv
WSAGetLastError
closesocket

wldap32

ord143
ord217
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46

crypt32

CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CertFreeCertificateChain

urlmon

URLDownloadToFileA

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3d9

Direct3DCreate9

vcruntime140

memset
_except_handler4_common
memcpy
strrchr
memmove
memchr
_CxxThrowException
strchr
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
__current_exception
__current_exception_context

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__p__commode
feof
__acrt_iob_func
_set_fmode
fopen
_open
fgets
__stdio_common_vfprintf
__stdio_common_vsnprintf_s
_lseeki64
_read
ftell
fflush
fclose
fseek
_write
_close
__stdio_common_vsprintf
fwrite
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
fgetc
fputc
fputs
__stdio_common_vsscanf
_wfopen
fread

api-ms-win-crt-string-l1-1-0

strcspn
strspn
isupper
strncmp
strpbrk
_strdup
_stricmp
toupper
tolower
strncpy

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
_cexit
_getpid
_seh_filter_exe
_beginthreadex
terminate
_set_app_type
_get_narrow_winmain_command_line
_initterm
_initterm_e
_exit
_c_exit
__sys_nerr
exit
__sys_errlist
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_wassert
_errno

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
_callnewh
free
calloc
malloc

api-ms-win-crt-math-l1-1-0

_ldsign
_libm_sse2_pow_precise
_libm_sse2_log_precise
_libm_sse2_cos_precise
_libm_sse2_acos_precise
_ldclass
ceil
_libm_sse2_sin_precise
_dsign
_fdclass
_dclass
_libm_sse2_sqrt_precise
__setusermatherr
_fdsign
_CIfmod

api-ms-win-crt-time-l1-1-0

_localtime64
_gmtime64
_time64
strftime

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

atof
atoi
wcstombs
strtoll
strtoul
strtol

api-ms-win-crt-filesystem-l1-1-0

_stat64
_access
_fstat64
_lock_file
_unlock_file
_unlink

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

Sections

.text
Size: 714KB - Virtual size: 714KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 7KB - Virtual size: 24KB

Size: 667B - Virtual size: 1KB

Size: 16B - Virtual size: 12B

.imports Size: 512B - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 8KB

.themida Size: - Virtual size: 5.1MB

.boot Size: 2.9MB - Virtual size: 2.9MB

f3cdbc45eae66054a09cb5ebcc192d47

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcp140

normaliz

ws2_32

wldap32

crypt32

urlmon

imm32

d3d9

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 714KB - Virtual size: 714KB

.rdata Size: 180KB - Virtual size: 180KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 30KB - Virtual size: 30KB

.imports
Size: 512B - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 8KB

.themida
Size: - Virtual size: 5.1MB

.boot
Size: 2.9MB - Virtual size: 2.9MB

.text
Size: 714KB - Virtual size: 714KB

.rdata
Size: 180KB - Virtual size: 180KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 30KB - Virtual size: 30KB