8aaa9bba0bbb4ceedc48c10a1bfe6eef

Sharing

Copy URL Twitter E-mail

General

Target

8aaa9bba0bbb4ceedc48c10a1bfe6eef
Size

2.4MB
MD5

8aaa9bba0bbb4ceedc48c10a1bfe6eef
SHA1

52b87f8d597fc3362180e14ff591c4b2091fb447
SHA256

bdf1c7bcd89db762e214224591da7f84787608309cd1d688c1e208981d0971ba
SHA512

d462e43e11f674412649650908a8a0f4564351b88210eae629f704d52d62bce7fc3bee04eb664b6ad1691f0848c6a866fe96a3e4b63cf3d510e9f3003d56c7d8
SSDEEP

49152:KK85JgvjS4XQDqDpMRq3c8WI7z6/YuKrHA0p6PFxFyVSoOYR7ocAF:KDQXQDqDmF8WcuDPDM5OYR7/S

Score

7^/10

upx themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/sgcc.exe	themida

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/filterTester.exe	upx
static1/unpack001/sg1.exe	upx
static1/unpack001/sg1import.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fec.dll
unpack001/filterTester.exe
unpack001/sg1.exe
unpack001/sg1import.exe
unpack001/sgcc.exe

Files

8aaa9bba0bbb4ceedc48c10a1bfe6eef
.rar
fec.dll
.dll windows:4 windows x86 arch:x86

ce81c49a51c878fa70d314b686fa28c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
FindAtomA
GetAtomNameA

msvcrt

__dllonexit
_errno
_iob
abort
exit
fflush
fprintf
free
malloc
memcmp
memcpy
memset

Exports

Exports

fec16_decode
fec16_decode@16
fec16_encode
fec16_encode@20
fec16_free
fec16_free@4
fec16_new
fec16_new@8

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 640KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 377B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
filterTester.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 284KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 157KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sg1.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 524KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 274KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sg1.mdb
sg1filters.txt
sg1import.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 252KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 143KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sg1install.bat
sg1start.bat
sg1stop.bat
sg1uninstall.bat
sgcc.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 916KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Themida
Size: 885KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
shield.ini

Sharing

General

Malware Config

Signatures

Files

ce81c49a51c878fa70d314b686fa28c9

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 144B

.bss Size: - Virtual size: 640KB

.edata Size: 512B - Virtual size: 377B

.idata Size: 512B - Virtual size: 472B

.reloc Size: 1024B - Virtual size: 776B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 284KB

UPX1 Size: 157KB - Virtual size: 160KB

.rsrc Size: 10KB - Virtual size: 12KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 524KB

UPX1 Size: 274KB - Virtual size: 276KB

.rsrc Size: 12KB - Virtual size: 12KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 252KB

UPX1 Size: 143KB - Virtual size: 144KB

.rsrc Size: 10KB - Virtual size: 12KB

Headers

File Characteristics

Sections

Size: 916KB - Virtual size: 2.3MB

.rsrc Size: 40KB - Virtual size: 145KB

.idata Size: 512B - Virtual size: 4KB

Themida Size: 885KB - Virtual size: 2.1MB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 144B

.bss
Size: - Virtual size: 640KB

.edata
Size: 512B - Virtual size: 377B

.idata
Size: 512B - Virtual size: 472B

.reloc
Size: 1024B - Virtual size: 776B

UPX0
Size: - Virtual size: 284KB

UPX1
Size: 157KB - Virtual size: 160KB

.rsrc
Size: 10KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 524KB

UPX1
Size: 274KB - Virtual size: 276KB

.rsrc
Size: 12KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 252KB

UPX1
Size: 143KB - Virtual size: 144KB

.rsrc
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 40KB - Virtual size: 145KB

.idata
Size: 512B - Virtual size: 4KB

Themida
Size: 885KB - Virtual size: 2.1MB