00a8cd120fc7b04b5958107af78c965e5e132d6585bd585ad5b16421edc8456a[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

00a8cd120fc7b04b5958107af78c965e5e132d6585bd585ad5b16421edc8456a.zip
Size

11.8MB
MD5

10b9ac9e362e319dbbc134f9786f9cdd
SHA1

0bcd4042c00e1f3d462e434639b92bbec6dc5576
SHA256

8418578e91e2832db495a1d6fd99a2730276232c046cb25f78e20877bab7c248
SHA512

e38c74c620e83f4e8cb94de5c1c328f69c3ae21e1e62f53853a188da84fc75250f51aeeae2dd7eaece125aabef2996983b3e78f4e2e9842a7edb87e871234833
SSDEEP

196608:GHEhL5G/PG9sC5G3GsM9yOzynFZe7C+V8lrOARh7V1/aP9YHaVLY5YG/XqvdfvfG:l52jeH99y3nFw7CaWRh7O9NVLY5YOAf2

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack002/OLZHWSMUOW.GuJ	themida

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/OLZHWSMUOW.GuJ
unpack002/qDu.u.exe

Files

00a8cd120fc7b04b5958107af78c965e5e132d6585bd585ad5b16421edc8456a.zip
.zip

Password: infected
00a8cd120fc7b04b5958107af78c965e5e132d6585bd585ad5b16421edc8456a.zip
.zip

Password: infected
OLZHWSMUOW.GuJ
.dll windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

HCTU09ZGJFCQJ1AI2
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

Size: 1.5MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 96KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 38KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 187B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 217KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 45KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 14.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 9.7MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
qDu.u.ahk
qDu.u.exe
.exe windows x86

Password: infected

843075fba28109153465b53d9d36a319

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
recv
socket
getservbyname
WSASetLastError
WSAAsyncSelect
closesocket
gethostbyaddr
gethostbyname
send
getservbyport
gethostname
inet_ntoa
connect
inet_addr
WSAStartup
ioctlsocket
htonl
WSAGetLastError
htons
ntohs
shutdown

winmm

waveOutGetVolume
mixerGetLineInfoW
mixerSetControlDetails
mixerGetControlDetailsW
mixerGetLineControlsW
mixerGetDevCapsW
waveOutSetVolume
mixerClose
mixerOpen
mciSendStringW
joyGetDevCapsW
joyGetPosEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

ImageList_GetIconSize
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ImageList_ReplaceIcon
CreateStatusWindowW
InitCommonControlsEx

psapi

GetModuleBaseNameW
GetModuleFileNameExW

wininet

InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetReadFileExA
InternetOpenW

kernel32

GlobalFree
GlobalUnlock
GetEnvironmentVariableW
FreeLibrary
WideCharToMultiByte
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
GetCurrentThreadId
lstrcmpiW
GetStringTypeExW
CreateThread
SetThreadPriority
GetExitCodeThread
CloseHandle
CreateMutexW
GetLastError
LoadLibraryW
GetModuleHandleW
GetVersionExW
DeleteCriticalSection
GetModuleFileNameW
GetFileAttributesW
GetFullPathNameW
GetSystemTimeAsFileTime
LoadResource
LockResource
SizeofResource
GetShortPathNameW
FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableW
Beep
MoveFileW
OutputDebugStringW
CreateProcessW
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
GlobalAlloc
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceExW
SetVolumeLabelW
CreateFileW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceW
GetCurrentDirectoryW
CreateDirectoryW
ReadFile
WriteFile
DeleteFileW
CopyFileW
SetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetSystemWindowsDirectoryW
GetTempPathW
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceW
CompareStringW
RemoveDirectoryW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
GlobalSize
GlobalLock
FindResourceW
SetErrorMode
InitializeCriticalSection
GetCPInfo
SetCurrentDirectoryW
Sleep
GetTickCount
MulDiv
ExitProcess
HeapSize
HeapQueryInformation
GetCommandLineW
HeapSetInformation
GetStartupInfoW
InterlockedIncrement
InterlockedDecrement
HeapAlloc
HeapFree
HeapReAlloc
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStringTypeW
HeapCreate
InitializeCriticalSectionAndSpinCount
RaiseException
SetHandleCount
IsProcessorFeaturePresent
LCMapStringW
RtlUnwind
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
SetFilePointer
WriteConsoleW
SetStdHandle
GetProcessHeap
SetLastError
VirtualQuery

user32

SetFocus
SetWindowRgn
SetWindowPos
SetLayeredWindowAttributes
InvalidateRect
EnableWindow
GetWindowTextLengthW
EnumWindows
IsZoomed
IsIconic
EnumDisplayMonitors
RegisterWindowMessageW
GetSysColor
GetSysColorBrush
DrawIconEx
FillRect
DefWindowProcW
SetForegroundWindow
DialogBoxParamW
SendDlgItemMessageW
GetDlgItem
SetDlgItemTextW
MessageBeep
GetCursorInfo
GetLastInputInfo
GetSystemMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringW
ExitWindowsEx
SetMenu
FlashWindow
GetPropW
SetPropW
RemovePropW
MapWindowPoints
RedrawWindow
SetParent
GetClassInfoExW
DefDlgProcW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongW
CallWindowProcW
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamW
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoW
IsMenu
GetMenuItemInfoW
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuW
DestroyMenu
TrackPopupMenuEx
CopyImage
SetActiveWindow
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
GetTopWindow
GetQueueStatus
LoadImageW
ChangeClipboardChain
IsWindowVisible
LoadAcceleratorsW
EnableMenuItem
GetMenu
CreateWindowExW
RegisterClassExW
LoadCursorW
DestroyIcon
DestroyWindow
IsCharAlphaW
MapVirtualKeyW
VkKeyScanExW
MapVirtualKeyExW
GetKeyboardLayoutNameW
ActivateKeyboardLayout
GetGUIThreadInfo
GetWindowTextW
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
PostQuitMessage
SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharAlphaNumericW
IsCharUpperW
IsCharLowerW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
GetDC
MessageBoxW
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
ShowWindow
CountClipboardFormats
ClientToScreen
EnumChildWindows
MoveWindow
GetWindowRect
GetMonitorInfoW
MonitorFromPoint
GetClientRect
SystemParametersInfoW
AdjustWindowRectEx
DrawTextW
SetRect
GetIconInfo
CreateIconIndirect
SetWindowTextW
SetWindowLongW
ScreenToClient
IsDialogMessageW
SendMessageW
IsWindowEnabled
GetWindowLongW
GetKeyState
TranslateAcceleratorW
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
CharUpperW
IsClipboardFormatAvailable
BlockInput
SetClipboardViewer
CheckMenuItem
RegisterHotKey

gdi32

GdiFlush
CreateDIBSection
EnumFontFamiliesExW
SetBrushOrgEx
SetBkColor
GetPixel
BitBlt
CreatePatternBrush
SetBkMode
GetCharABCWidthsW
GetClipBox
FillRgn
GetClipRgn
ExcludeClipRect
GetDeviceCaps
DeleteObject
CreateFontW
CreateSolidBrush
CreateCompatibleBitmap
GetSystemPaletteEntries
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectObject
GetStockObject
CreateDCW
SetTextColor

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

advapi32

GetUserNameW
LockServiceDatabase
OpenSCManagerW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
RegConnectRegistryW
UnlockServiceDatabase

shell32

DragQueryPoint
SHEmptyRecycleBinW
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
DragQueryFileW
ExtractIconW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayDestroy
GetActiveObject
SysStringLen
SysFreeString
SafeArrayCreate
VariantClear
VariantChangeType
SysAllocString
SafeArrayCopy
VariantCopyInd
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim

Sections

.text
Size: 685KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

Headers

File Characteristics

Exports

Exports

Sections

Size: 1.5MB - Virtual size: 4.4MB

Size: 7KB - Virtual size: 15KB

Size: 96KB - Virtual size: 157KB

.bss Size: - Virtual size: 38KB

Size: 1KB - Virtual size: 16KB

Size: 1KB - Virtual size: 3KB

Size: 512B - Virtual size: 187B

Size: 512B - Virtual size: 69B

Size: 217KB - Virtual size: 390KB

Size: 45KB - Virtual size: 204KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.themida Size: - Virtual size: 14.6MB

.boot Size: 9.7MB - Virtual size: 9.7MB

Password: infected

843075fba28109153465b53d9d36a319

Headers

File Characteristics

Imports

wsock32

winmm

version

comctl32

psapi

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 685KB - Virtual size: 684KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 13KB - Virtual size: 36KB

.rsrc Size: 38KB - Virtual size: 37KB

.bss
Size: - Virtual size: 38KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.themida
Size: - Virtual size: 14.6MB

.boot
Size: 9.7MB - Virtual size: 9.7MB

.text
Size: 685KB - Virtual size: 684KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 13KB - Virtual size: 36KB

.rsrc
Size: 38KB - Virtual size: 37KB