unpacked_Launcher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

unpacked_Launcher.exe
Size

23.7MB
MD5

41b637e89a20c776e6b6f4458b53a269
SHA1

ef69bb9c1706decb7a99d9302e09728f1f0407e1
SHA256

c056f0de2c869502f9db9a725b281e6f0053464a776c704841da742bd4a2a5c2
SHA512

810a740f51bb0ea0751d936e8c2711d7edd8e07ed88929935f3e3e4396a51a78a856b86993f46f179f99fdd9a3ba5f702581199515c3e2e21937ec92a5e6e669
SSDEEP

196608:4eiOs5KKQsu/oQ+rTe4sxlt7MFw+t0YVr9TWmWPCYlHy6+2dFDcRcBK7UdwBbIwP:l60AQ+rTlMLmWXS6+BY4DBcw

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpacked_Launcher.exe

Files

unpacked_Launcher.exe
.exe windows x64

2983f1b173baff71907e03d0638e8d5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

SystemFunction036
RegGetValueW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

ucrtbase

_ultow_s
wcstol
calloc
_callnewh
_set_new_mode
malloc
free
_configthreadlocale
round
trunc
__setusermatherr
floor
__p___argc
_initialize_narrow_environment
_seh_filter_exe
_set_app_type
_Exit
__p___argv
_configure_narrow_argv
_cexit
abort
exit
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
strerror
_get_initial_narrow_environment
_initterm
_c_exit
_initterm_e
_register_thread_local_exe_atexit_callback
__p__commode
_set_fmode
strlen
wcslen
strcpy_s
_wcsicmp
wcsncmp

bcrypt

BCryptGenRandom

comctl32

RemoveWindowSubclass
SetWindowSubclass
DefSubclassProc

crypt32

CertDuplicateStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateContext
CertFreeCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateCertificateChain
CertFreeCertificateContext
CertCloseStore

dwmapi

DwmEnableBlurBehindWindow

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 306KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.SCY
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2983f1b173baff71907e03d0638e8d5b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ucrtbase

bcrypt

comctl32

crypt32

dwmapi

gdi32

Sections

.text Size: 5.6MB - Virtual size: 5.6MB

Size: 2.9MB - Virtual size: 2.9MB

Size: 16KB - Virtual size: 24KB

Size: 306KB - Virtual size: 308KB

Size: 512B - Virtual size: 4KB

Size: 24KB - Virtual size: 24KB

Size: 45KB - Virtual size: 48KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 1024B - Virtual size: 4KB

.rsrc Size: 24KB - Virtual size: 24KB

.themida Size: 9.0MB - Virtual size: 9.0MB

.boot Size: 5.8MB - Virtual size: 5.8MB

.reloc Size: 512B - Virtual size: 4KB

.SCY Size: 2KB - Virtual size: 4KB

.text
Size: 5.6MB - Virtual size: 5.6MB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 24KB - Virtual size: 24KB

.themida
Size: 9.0MB - Virtual size: 9.0MB

.boot
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 512B - Virtual size: 4KB

.SCY
Size: 2KB - Virtual size: 4KB