gate4[.]exe[.]2

Sharing

Copy URL Twitter E-mail

General

Target

gate4.exe.2
Size

6.4MB
MD5

8a6554c54d9040abfbbaa853c9abce67
SHA1

3473d031815b2902f84b9b0fde7732cb54376a8f
SHA256

acdbcef3bcab8f9a42871c9d85702ab267995726d8874ba5b837c7dfe2222dad
SHA512

5f91ff6ec3d65cd05c3219e935e4488441c2653b606c0b8daea2d44b25c8e803d20c63978c7b991a571381c31a7c6144d18368fe9176c55662eedd10f2ccc345
SSDEEP

196608:3ezOWEWgS5TZmOT94Ii4F8t5QBPYymcbk:3fW75TpT94Iz8t5QBQymcbk

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

gate4.exe.2
.exe windows:6 windows x64

a4308f82c6f6f467c58289d16d7acab2

Code Sign

1e:87:20:55:3c:f8:4e:41:bb:8c:3a:5d:6a:a5:ed:e5
Certificate

Issuer

CN=Kingston Fury Impact DDR5 2x32Gb,OU=KF556S40IBK2-64,O=Kingston Fury Impact DDR5 2x32Gb,L=owner,ST=Italy,C=IT

Not Before

12/09/2023, 15:56

Not After

12/05/2025, 00:00

Subject

CN=Kingston Fury Impact DDR5 2x32Gb,OU=KF556S40IBK2-64,O=Kingston Fury Impact DDR5 2x32Gb,L=owner,ST=Italy,C=IT

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c7:57:85:06:87:e0:77:1b:0f:7e:2f:13:47:29:cd:2c:b8:15:f4:cd:15:06:33:6e:84:ea:c2:76:30:57:fd:b1
Signer

Actual PE Digest

c7:57:85:06:87:e0:77:1b:0f:7e:2f:13:47:29:cd:2c:b8:15:f4:cd:15:06:33:6e:84:ea:c2:76:30:57:fd:b1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.7zip0
Size: - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.7zip1
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.7zip2
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.7zip3
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_MEM_READ

.rsrc
Size: 80KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4308f82c6f6f467c58289d16d7acab2

Code Sign

1e:87:20:55:3c:f8:4e:41:bb:8c:3a:5d:6a:a5:ed:e5Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

c7:57:85:06:87:e0:77:1b:0f:7e:2f:13:47:29:cd:2c:b8:15:f4:cd:15:06:33:6e:84:ea:c2:76:30:57:fd:b1Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

Size: - Virtual size: 3.1MB

Size: - Virtual size: 240KB

Size: - Virtual size: 73KB

Size: - Virtual size: 85KB

Size: - Virtual size: 252B

.7zip0 Size: - Virtual size: 158KB

Size: - Virtual size: 9KB

.idata Size: - Virtual size: 4KB

.tls Size: - Virtual size: 4KB

.themida Size: - Virtual size: 4.1MB

.7zip1 Size: - Virtual size: 1.3MB

.7zip2 Size: 1024B - Virtual size: 944B

.7zip3 Size: 6.4MB - Virtual size: 6.4MB

.reloc Size: 512B - Virtual size: 172B

.rsrc Size: 80KB - Virtual size: 158KB

1e:87:20:55:3c:f8:4e:41:bb:8c:3a:5d:6a:a5:ed:e5
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

c7:57:85:06:87:e0:77:1b:0f:7e:2f:13:47:29:cd:2c:b8:15:f4:cd:15:06:33:6e:84:ea:c2:76:30:57:fd:b1
Signer

.7zip0
Size: - Virtual size: 158KB

.idata
Size: - Virtual size: 4KB

.tls
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 4.1MB

.7zip1
Size: - Virtual size: 1.3MB

.7zip2
Size: 1024B - Virtual size: 944B

.7zip3
Size: 6.4MB - Virtual size: 6.4MB

.reloc
Size: 512B - Virtual size: 172B

.rsrc
Size: 80KB - Virtual size: 158KB