unpacked_injector_imgui[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

unpacked_injector_imgui.exe
Size

8.1MB
MD5

59ce04a7b6a8abf96dd67b15ffd27173
SHA1

cfed66a820f9585ac9e4a0b207f19989371984d9
SHA256

0db852ae0d4e0634f308626c86faa295c71b6dae72c53cf8def2876e1f3f9a79
SHA512

f00c44627277d4de3c98de9222fd1745b3b96a54f46c61e088c86c7dc738eb40fa27073d2d8f73c78284719fdbabdc7f264a3a7713f899392b6d295560e5efab
SSDEEP

196608:k+u5M0Sewp+eMCE2Ix9KlzA3BcqS4Q+Vw3VGG0a8:ktbSe9N60xcqFWi

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpacked_injector_imgui.exe

Files

unpacked_injector_imgui.exe
.exe windows x86

e1ca9e61202172ce0a003b35a4f002e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenServiceW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
OpenSCManagerW
QueryServiceConfigW
CloseServiceHandle
OpenProcessToken

comdlg32

GetOpenFileNameW

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

kernel32

WideCharToMultiByte
GlobalUnWire
GlobalAlloc
GlobalFree
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryA
GetProcAddress
GetFileAttributesW
VirtualAllocEx
GetLastError
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
WaitForSingleObject
CloseHandle
GetExitCodeThread
ReadProcessMemory
CreateDirectoryW
GetTickCount
CopyFileW
LoadLibraryW
DuplicateHandle
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
MultiByteToWideChar
OpenProcess
TerminateProcess
CreateProcessW
FindFirstFileW
DeleteFileW
FindNextFileW
SetEnvironmentVariableW
Sleep
FindResourceW
SizeofResource
LoadResource
LockResource
CreateFileW
WriteFile
GetModuleHandleW
GetProcessId
TerminateThread
CreateThread
IsWow64Process
FreeLibrary
GetCurrentProcessId
CreateEventW
VirtualAlloc
VirtualFree
GetFileAttributesExW
SetEvent
K32EnumProcessModules
GetCurrentThreadId
LocalAlloc
LocalFree
GetSystemTimeAsFileTime
GlobalLock
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitOnceBeginInitialize
InitOnceComplete
Process32NextW
K32GetModuleBaseNameW

msvcp140

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV?$basic_ios@DU?$char_traits@D@std@@@1@AAV21@@Z@Z
?_Assign@_ContextCallback@details@Concurrency@@AAEXPAX@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
_Xtime_get_ticks
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_Assign@_ContextCallback@details@Concurrency@@AAEXPAX@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
_Mtx_current_owns
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_timedwait
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
_Cnd_init_in_situ
?_Xbad_alloc@std@@YAXXZ
_Query_perf_frequency
_Query_perf_counter
??0?$_Yarn@D@std@@QAE@XZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?__ExceptionPtrDestroy@@YAXPAX@Z
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
??1?$codecvt@DDU_Mbstatet@@@std@@MAE@XZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Incref@facet@locale@std@@UAEXXZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
_Cnd_wait
?_Syserror_map@std@@YAPBDH@Z
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
_Cnd_unregister_at_thread_exit
_Cnd_destroy_in_situ
_Cnd_broadcast
_Cnd_register_at_thread_exit
?_Xruntime_error@std@@YAXPBD@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?_Getname@_Locinfo@std@@QBEPBDXZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@HPBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?uncaught_exception@std@@YA_NXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?do_encoding@?$codecvt@_SDU_Mbstatet@@@std@@MBEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?_Xbad_function_call@std@@YAXXZ

shell32

SHGetKnownFolderPath
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteA
ShellExecuteW

shlwapi

PathRemoveFileSpecW
PathCombineW
PathFindFileNameW

user32

DefWindowProcW
DestroyWindow
MessageBoxA
SendMessageW
PostQuitMessage
GetWindowRect
DispatchMessageW
TranslateMessage
PeekMessageW
UpdateWindow
ShowWindow
UnregisterClassW
SetLayeredWindowAttributes
SetWindowPos
GetWindowLongW
SetWindowLongW
CreateWindowExW
SetTimer
RegisterClassExW
LoadIconW
PostMessageW
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetClientRect
ScreenToClient
GetCursorPos
IsChild
GetForegroundWindow
SetCursorPos
ClientToScreen
LoadCursorW
SetCursor
GetMessageW
EmptyClipboard
CloseClipboard
GetClipboardData
KillTimer
OpenClipboard
GetDesktopWindow
SetClipboardData

vcruntime140

__CxxFrameHandler
__std_terminate
strstr
__std_exception_copy
__std_exception_destroy
_purecall
__current_exception
__current_exception_context
_except_handler4_common
memset
_CxxThrowException
memchr
memcpy
memcpy

wininet

InternetCheckConnectionW

ucrtbase

_unlock_file
_lock_file
_callnewh
_set_new_mode
malloc
free
_configthreadlocale
ceil
_libm_sse2_cos_precise
_libm_sse2_acos_precise
floor
__setusermatherr
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_CIfmod
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_c_exit
_Exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
abort
terminate
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_controlfp_s
fgetpos
__stdio_common_vfprintf
ftell
fclose
_wfopen
__stdio_common_vsprintf
_set_fmode
__stdio_common_vswprintf_s
ungetc
_fseeki64
fsetpos
__p__commode
fputc
setvbuf
fseek
fread
fwrite
__stdio_common_vsprintf_s
__acrt_iob_func
_get_stream_buffer_pointers
fgetc
fflush
__stdio_common_vsscanf
strncpy
_wcsicmp
wcsnlen
wcsncpy_s
wcscat_s
wcscpy_s
qsort

d3d9

Direct3DCreate9

dbghelp

SymInitializeW
SymLoadModuleExW
SymUnloadModule64
SymSetOptions
SymFromName
SymCleanup

combase

CoTaskMemFree
StringFromGUID2

urlmon

URLDownloadToCacheFileW

Sections

.text
Size: 315KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 165KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.SCY
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e1ca9e61202172ce0a003b35a4f002e6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comdlg32

imm32

kernel32

msvcp140

shell32

shlwapi

user32

vcruntime140

wininet

ucrtbase

d3d9

dbghelp

combase

urlmon

Sections

.text Size: 315KB - Virtual size: 316KB

Size: 512B - Virtual size: 4KB

Size: 165KB - Virtual size: 176KB

Size: 5KB - Virtual size: 8KB

Size: 1.2MB - Virtual size: 1.2MB

Size: 13KB - Virtual size: 16KB

.imports Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 134KB - Virtual size: 136KB

.themida Size: 3.9MB - Virtual size: 3.9MB

.boot Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 512B - Virtual size: 4KB

.SCY Size: 12KB - Virtual size: 16KB

.text
Size: 315KB - Virtual size: 316KB

.imports
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 134KB - Virtual size: 136KB

.themida
Size: 3.9MB - Virtual size: 3.9MB

.boot
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 512B - Virtual size: 4KB

.SCY
Size: 12KB - Virtual size: 16KB