gate3[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gate3.exe
Size

5.4MB
MD5

3d263b0f11fcfc8d5772f823e2d3ac69
SHA1

43dfb4dcffc3009387bd5af9e63c20df044e572c
SHA256

a1ff4bdf74bd217fd5d7a2133e423690e0db82f4402413258dc398e64192aa8d
SHA512

2d4dfdbbe8d5f42e7c093997d181739c7ab35664008dc65bfdf2fdf714add373c81b32efc4fc37a86ca0a509278dc140670e0c0fe48da0ab1a8e95b54fdcf287
SSDEEP

98304:y+jKgGLQZE5a+DI/e1LLFQICgEzNKcrR9eOKyt981PV:y+WBfI/ALLFQKEzNKm+5p1P

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
gate3.exe

Files

gate3.exe
.exe windows:6 windows x64

a4308f82c6f6f467c58289d16d7acab2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp‰0
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp‰1
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp‰2
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp‰3
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4308f82c6f6f467c58289d16d7acab2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

Size: - Virtual size: 3.1MB

Size: - Virtual size: 240KB

Size: - Virtual size: 73KB

Size: - Virtual size: 85KB

Size: - Virtual size: 252B

.vmp‰0 Size: - Virtual size: 176KB

Size: - Virtual size: 9KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.themida Size: - Virtual size: 3.7MB

.vmp‰1 Size: - Virtual size: 1.3MB

.vmp‰2 Size: 1024B - Virtual size: 944B

.vmp‰3 Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 512B - Virtual size: 196B

.rsrc Size: 98KB - Virtual size: 177KB

.vmp‰0
Size: - Virtual size: 176KB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 3.7MB

.vmp‰1
Size: - Virtual size: 1.3MB

.vmp‰2
Size: 1024B - Virtual size: 944B

.vmp‰3
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 512B - Virtual size: 196B

.rsrc
Size: 98KB - Virtual size: 177KB