gate4[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

gate4.exe
Size

6.3MB
MD5

d16faa20eae0e828b6e41de529a3052f
SHA1

3248d96943e8af21e7d79b8822a632e3f4bd1348
SHA256

249c5999fed16005d30c9a19d31bfedbe87fdada2d8b5a8bd6774544a0872d21
SHA512

6b2a2e33a760d7f9142e9d4fd088bcd7fc75c0269b7d08516eb4bf848d848885701790c235f1ea7df7289b60fad1f40a89d55d5ebdf8f6b99ce1541a2eb55fce
SSDEEP

196608:ZMpUyFHjxt577D+szcqdsJOsNPFrVqIMkm:ZMpUSjH577D+wyJ7JNE

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

gate4.exe
.exe windows:6 windows x64

a4308f82c6f6f467c58289d16d7acab2

Code Sign

7a:09:f4:ab:3a:2d:ff:a8:40:0e:d7:4a:6d:fa:2c:26
Certificate

Issuer

CN=HP EliteDesk 800 G6 TWR 272Y1EA

Not Before

10/09/2023, 12:59

Not After

11/09/2033, 12:59

Subject

CN=HP EliteDesk 800 G6 TWR 272Y1EA

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:bf:af:cc:1c:81:ac:6d:8d:4b:16:58:1d:88:8b:8c:13:08:72:33:a0:90:fb:96:93:b3:c1:d7:bb:2e:ca:aa
Signer

Actual PE Digest

4d:bf:af:cc:1c:81:ac:6d:8d:4b:16:58:1d:88:8b:8c:13:08:72:33:a0:90:fb:96:93:b3:c1:d7:bb:2e:ca:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zip0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zip1
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zip2
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zip3
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_MEM_READ

.rsrc
Size: 78KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4308f82c6f6f467c58289d16d7acab2

Code Sign

7a:09:f4:ab:3a:2d:ff:a8:40:0e:d7:4a:6d:fa:2c:26Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

4d:bf:af:cc:1c:81:ac:6d:8d:4b:16:58:1d:88:8b:8c:13:08:72:33:a0:90:fb:96:93:b3:c1:d7:bb:2e:ca:aaSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

Size: - Virtual size: 3.1MB

Size: - Virtual size: 240KB

Size: - Virtual size: 73KB

Size: - Virtual size: 85KB

Size: - Virtual size: 252B

.zip0 Size: - Virtual size: 156KB

Size: - Virtual size: 9KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.themida Size: - Virtual size: 3.9MB

.zip1 Size: - Virtual size: 1.3MB

.zip2 Size: 1024B - Virtual size: 944B

.zip3 Size: 6.2MB - Virtual size: 6.2MB

.reloc Size: 512B - Virtual size: 184B

.rsrc Size: 78KB - Virtual size: 157KB

7a:09:f4:ab:3a:2d:ff:a8:40:0e:d7:4a:6d:fa:2c:26
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

4d:bf:af:cc:1c:81:ac:6d:8d:4b:16:58:1d:88:8b:8c:13:08:72:33:a0:90:fb:96:93:b3:c1:d7:bb:2e:ca:aa
Signer

.zip0
Size: - Virtual size: 156KB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 3.9MB

.zip1
Size: - Virtual size: 1.3MB

.zip2
Size: 1024B - Virtual size: 944B

.zip3
Size: 6.2MB - Virtual size: 6.2MB

.reloc
Size: 512B - Virtual size: 184B

.rsrc
Size: 78KB - Virtual size: 157KB