TheGhostPro[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

TheGhostPro.exe
Size

44.9MB
MD5

cd316aac8fc6ddccb56415acc6d96348
SHA1

d5e7aa1d8d24c91399adea9f0f1581b5016b0bba
SHA256

ccbe2aedb8bf953430368b6c492a47bdd5a32bb2775ca8391c76dd8d631ceaef
SHA512

b46d1964e2d0f0c606690008f7ad275c191a04a5b989988c72e43c2616e65611ae88d3988cbb25bd5d0cdc0d3dd6f2afe4c3fb81f5938e6d2490f8cb60a56931
SSDEEP

786432:Zb45Wyqx9lmcKYlUvVUHDoazLV/97BbAsYGec0MFBIdZzhtEfK+JF+Oqy9G:Zbf9QYqvKj7xl7BfYGx0MFmQy+JYy9G

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

TheGhostPro.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 5.7MB - Virtual size: 11.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 25.9MB - Virtual size: 47.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 141KB - Virtual size: 949KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 479B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 31KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 56KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 241KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 30.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 12.7MB - Virtual size: 12.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 5.7MB - Virtual size: 11.7MB

Size: 25.9MB - Virtual size: 47.2MB

Size: 141KB - Virtual size: 949KB

Size: 479B - Virtual size: 1KB

Size: 31KB - Virtual size: 49KB

Size: 56KB - Virtual size: 132KB

Size: 241KB - Virtual size: 412KB

.imports Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 132KB - Virtual size: 132KB

.themida Size: - Virtual size: 30.9MB

.boot Size: 12.7MB - Virtual size: 12.7MB

.reloc Size: 16B - Virtual size: 4KB

.imports
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 132KB - Virtual size: 132KB

.themida
Size: - Virtual size: 30.9MB

.boot
Size: 12.7MB - Virtual size: 12.7MB

.reloc
Size: 16B - Virtual size: 4KB