6bb80f6fd257851d5888236508fdfb26

Sharing

Copy URL

Twitter E-mail

General

Target

6bb80f6fd257851d5888236508fdfb26
Size

1.4MB
MD5

6bb80f6fd257851d5888236508fdfb26
SHA1

f59dd72c5428a0a5fb5b30f0a6d320b1cbb36561
SHA256

38c7f18680f90c69c1d6d5c725f534d5b2b85de35fe65ea433fafac03561669a
SHA512

b26765edf93506155ed72122c9a8a280532be853f43eeed4a444c2154b74fb501455abf0b7398245a34f731f77b63d9075767f765b101547dde3405fea8f386c
SSDEEP

24576:/rXuhyJk/im6ZHZNE8+UF7+93v3KQKVu5hL7GEmnqd3x+6aUXDsVPL9JdcnA9Xwo:bwyJk/ibLsAWiQB7xmnqd3x+6nTslZJJ

Score

7^/10

upx themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/keygen.exe	themida

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/CORE10k.EXE	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Adobelm.dll
unpack001/CORE10k.EXE
unpack001/adobe.acrobat.9.0.pro.extended.9.1.(adobelm.dll.2.5.1.59)-patch.exe
unpack001/keygen.exe

Files

6bb80f6fd257851d5888236508fdfb26
.zip
Adobelm.dll
.dll windows:4 windows x86 arch:x86

bb1d8274cc1c620ddc37f458e9e21972

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winhttp

WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReceiveResponse
WinHttpSetStatusCallback
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpGetProxyForUrl

shlwapi

PathRemoveBackslashA
PathRemoveFileSpecW

kernel32

TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointer
GetTimeZoneInformation
FlushFileBuffers
GetFullPathNameW
GetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
LoadLibraryA
GetLocaleInfoA
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
WriteFile
CreateFileA
CreateFileW
SetEndOfFile
GetDriveTypeA
GetFullPathNameA
GetEnvironmentVariableA
FormatMessageA
GetModuleHandleW
LocalFree
lstrcmpA
lstrcpyA
CreateProcessA
lstrlenA
GetWindowsDirectoryA
GetVersion
ResetEvent
CreateEventA
ReleaseMutex
CreateMutexA
GetCommandLineW
GetEnvironmentVariableW
SetErrorMode
SetHandleInformation
GetSystemDirectoryA
GetProcessTimes
FindFirstFileA
TlsGetValue
FindNextFileA
GetVolumeInformationA
GetPrivateProfileStringA
GetPrivateProfileIntA
DeviceIoControl
GetSystemTime
SystemTimeToFileTime
GetLocalTime
LocalAlloc
GetFileSize
SearchPathA
CreateSemaphoreA
OpenSemaphoreA
MoveFileA
DuplicateHandle
IsProcessorFeaturePresent
InterlockedCompareExchange
GlobalLock
GlobalUnlock
lstrcmpiW
lstrcpyW
FlushInstructionCache
lstrlenW
GetModuleFileNameW
GetProcessHeap
GetVersionExA
GetCommandLineA
GetCurrentThreadId
FindFirstFileW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetDateFormatA
GetTimeFormatA
HeapReAlloc
RtlUnwind
HeapAlloc
HeapFree
RaiseException
IsDebuggerPresent
IsDBCSLeadByteEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetTempPathW
LoadLibraryW
FreeLibrary
GetProcAddress
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
GetLastError
WaitForMultipleObjects
GlobalFree
MultiByteToWideChar
GetComputerNameExW
CreateThread
CloseHandle
OpenEventW
SetEvent
GetVersionExW
GetTickCount
WaitForSingleObject
ReleaseSemaphore
MoveFileW
GetFileAttributesW
DeleteFileA
DeleteFileW
ExitThread
ResumeThread
VirtualProtect
GetSystemInfo
VirtualQuery
GetFileAttributesA
CreatePipe
GetModuleHandleA
GetModuleFileNameA
FindNextFileW
GetStdHandle
SetEnvironmentVariableW
OutputDebugStringA
MulDiv
GetComputerNameW
GlobalMemoryStatus
SetStdHandle

user32

ScreenToClient
MoveWindow
ShowWindow
SetWindowTextA
PostQuitMessage
GetAncestor
GetClientRect
GetSystemMetrics
GetFocus
GetParent
wsprintfA
CreateDialogIndirectParamA
EndDialog
GetDlgItemTextA
GetDlgItemTextW
SetDlgItemTextA
MessageBeep
GetWindowLongA
SendMessageA
GetDlgItem
GetWindowRect
EnableWindow
GetActiveWindow
MessageBoxA
DialogBoxIndirectParamA
GetMenuItemID
SetFocus
DeleteMenu
LoadImageW
CopyImage
SetPropW
GetPropW
GetAsyncKeyState
GetNextDlgTabItem
MessageBoxW
DestroyIcon
IsDialogMessageW
TranslateMessage
DispatchMessageW
GetMessageW
GetWindowLongW
SystemParametersInfoW
GetClassNameW
EnumChildWindows
GetTopWindow
EndPaint
BeginPaint
FillRect
GetUpdateRect
GetSysColorBrush
SendMessageW
PostMessageW
SetTimer
KillTimer
SetWindowTextW
SetWindowLongW
CreateWindowExW
GetWindowTextW
GetWindowTextLengthW
InvalidateRect
IsWindow
SetWindowPos
GetSysColor
DrawTextW
CharNextW
GetDC
ReleaseDC
DefWindowProcW
OffsetRect
SetRectEmpty
LoadCursorW
DestroyWindow
UpdateWindow
IsWindowEnabled
SetCapture
GetDlgCtrlID
PtInRect
CallWindowProcW
DrawFocusRect
SetCursor
GetCursorPos
ReleaseCapture
GetCapture
SendDlgItemMessageW
SetDlgItemTextW
OpenClipboard
LoadStringW
IsWindowVisible
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
EnableMenuItem
GetSystemMenu
MapWindowPoints
LockWindowUpdate
BringWindowToTop
SetForegroundWindow
SetClassLongW
GetClassLongW
CheckDlgButton
InflateRect
RegisterClassW
UnregisterClassW
UnregisterClassA
SetActiveWindow
GetMenuItemCount

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegDeleteValueA
OpenProcessToken
RegEnumValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExW
RegSetValueExW
GetUserNameA
RegOpenKeyExW
FreeSid
EqualSid
AllocateAndInitializeSid
GetUserNameW
GetTokenInformation
OpenThreadToken
RegEnumKeyExA

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCreateBitmapFromFile
GdipGetImageHeight

msimg32

AlphaBlend

imm32

ImmSetOpenStatus
ImmReleaseContext
ImmGetContext

wsock32

setsockopt
inet_ntoa
send
recv
closesocket
socket
connect
select
__WSAFDIsSet
getsockopt
getsockname
WSAStartup
WSACleanup
ntohs
getservbyport
gethostbyaddr
gethostbyname
WSAGetLastError
ioctlsocket
htons
getservbyname
inet_addr
gethostname
htonl
ntohl

comctl32

ord17
_TrackMouseEvent

netapi32

Netbios

gdi32

BitBlt
GetTextExtentPoint32W
GetTextExtentExPointW
GetDeviceCaps
GetCharABCWidthsW
TextOutW
CreatePen
MoveToEx
LineTo
SetPixel
GetBitmapBits
Rectangle
StretchBlt
CreateCompatibleBitmap
CreateSolidBrush
GetLayout
RoundRect
SetTextColor
SetBkMode
GetStockObject
CreateFontIndirectW
CreateDIBSection
GetObjectW
SetDIBColorTable
SelectObject
DeleteDC
CreateCompatibleDC
DeleteObject
SetBrushOrgEx
SetMapMode
CreatePatternBrush
SetLayout

shell32

ShellExecuteW
ShellExecuteA

Exports

Exports

AdobeLM_GetVersion
AdobeLM_Info_GetEffectiveLicenseConfig
AdobeLM_Info_GetErrorCode
AdobeLM_Info_GetExtendedInfoAsInt
AdobeLM_Info_SetBackgroundTransactionSemaphore
AdobeLM_Info_SetLicenseStatusChangedNotification
AdobeLM_Info_SetMainWindow
AdobeLM_Initialize
AdobeLM_License_Activate
AdobeLM_License_PrepareToActivate
AdobeLM_License_Return
AdobeLM_License_UpdateSerialNum
AdobeLM_ShowAlert
AdobeLM_Terminate

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 616KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_dir
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_mar
Size: 4KB - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CORE10k.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 13.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 129KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
adobe.acrobat.9.0.pro.extended.9.1.(adobelm.dll.2.5.1.59)-patch.exe
.exe windows:4 windows x86 arch:x86

f8ba7a7f65fffca560c4793c39e79565

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ShowWindow
UpdateWindow
SetWindowRgn
SetWindowPos
SetWindowLongA
SetWindowTextA
TrackPopupMenu
SetFocus
SetDlgItemTextA
SetClassLongA
SetCapture
SendMessageA
ReleaseCapture
RegisterClassExA
RedrawWindow
PtInRect
OffsetRect
MessageBoxA
LoadIconA
LoadCursorA
LoadBitmapA
IsDlgButtonChecked
InvalidateRect
IntersectRect
GetWindowRect
GetWindowLongA
GetSystemMetrics
GetParent
GetKeyState
CloseClipboard
EmptyClipboard
OpenClipboard
SetClipboardData
GetClientRect
MoveWindow
GetDlgItemTextA
GetDlgItem
GetDlgCtrlID
GetDC
GetCursorPos
GetCapture
GetActiveWindow
EndDialog
EnableWindow
DrawTextA
DialogBoxParamA
DefWindowProcA
CreateWindowExA
CreatePopupMenu
CheckDlgButton
CallWindowProcA
AppendMenuA

kernel32

WriteFile
CompareStringA
GetModuleFileNameA
SetCurrentDirectoryA
CreateDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
FlushFileBuffers
lstrlenA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WaitForSingleObject
VirtualFree
CloseHandle
CopyFileA
CreateFileA
CreateFileMappingA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindResourceA
FreeLibrary
GetCommandLineA
GetCurrentDirectoryA
GetFileAttributesA
GetFileSize
GetModuleHandleA
GetProcAddress
GetTempPathA
LoadLibraryA
LoadResource
MapViewOfFile
MoveFileA
RtlMoveMemory
RtlZeroMemory
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFilePointer
SizeofResource
Sleep
UnmapViewOfFile
VirtualAlloc

shell32

ShellExecuteA

gdi32

CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
ExtCreateRegion
GetObjectA
GetPixel
GetStockObject
BitBlt
CreateCompatibleBitmap
TextOutA
SetTextColor
SetPixel
SetBkMode
SetBkColor
SelectObject
RoundRect
RemoveFontResourceA
GetTextExtentPointA
AddFontResourceA

comctl32

InitCommonControls

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
keygen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.Themida
Size: 512B - Virtual size: 628KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Themida
Size: 89KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bb1d8274cc1c620ddc37f458e9e21972

Headers

File Characteristics

Imports

winhttp

shlwapi

kernel32

user32

comdlg32

advapi32

gdiplus

msimg32

imm32

wsock32

comctl32

netapi32

gdi32

shell32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.textidx Size: 616KB - Virtual size: 614KB

CONST Size: 4KB - Virtual size: 80B

.rdata Size: 244KB - Virtual size: 242KB

.data Size: 152KB - Virtual size: 488KB

.data1 Size: 4KB - Virtual size: 260B

.fnp_dir Size: 4KB - Virtual size: 116B

.fnp_mar Size: 4KB - Virtual size: 1B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 132KB - Virtual size: 131KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 13.0MB

UPX1 Size: 129KB - Virtual size: 132KB

.rsrc Size: 4KB - Virtual size: 8KB

f8ba7a7f65fffca560c4793c39e79565

Headers

File Characteristics

Imports

user32

kernel32

shell32

gdi32

comctl32

advapi32

comdlg32

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 292KB - Virtual size: 292KB

Headers

File Characteristics

Sections

.Themida Size: 512B - Virtual size: 628KB

.Themida Size: 89KB - Virtual size: 102KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.textidx
Size: 616KB - Virtual size: 614KB

CONST
Size: 4KB - Virtual size: 80B

.rdata
Size: 244KB - Virtual size: 242KB

.data
Size: 152KB - Virtual size: 488KB

.data1
Size: 4KB - Virtual size: 260B

.fnp_dir
Size: 4KB - Virtual size: 116B

.fnp_mar
Size: 4KB - Virtual size: 1B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 132KB - Virtual size: 131KB

UPX0
Size: - Virtual size: 13.0MB

UPX1
Size: 129KB - Virtual size: 132KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 292KB - Virtual size: 292KB

.Themida
Size: 512B - Virtual size: 628KB

.Themida
Size: 89KB - Virtual size: 102KB