c92691a56dc372c49a1e304aa053f353

Sharing

Copy URL Twitter E-mail

General

Target

c92691a56dc372c49a1e304aa053f353
Size

1.2MB
MD5

c92691a56dc372c49a1e304aa053f353
SHA1

ae223b774769e45d34f78494150996251a289cae
SHA256

74f65a16c49015517726abb4862da604035b5c435f171414197b3b52788ec8ad
SHA512

63a520852a11c8b3fd3117cec079a586136588f653e89f46a62b7614da88669a4360b9a7066bbf4b4c28c6d1fdea3e265eb67414e41e16f059777d68400fd5bb
SSDEEP

24576:KppmlK7t7NnG65vi9myvPmi+0I2AzAQ8CNuKmH5:KpEK94pFPJ+0I2YAQpuKmZ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c92691a56dc372c49a1e304aa053f353

Files

c92691a56dc372c49a1e304aa053f353
.dll windows:4 windows x86 arch:x86

c984d10f0743ab3aed0a4b61343324ca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
GlobalFlags
GetCurrentDirectoryA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RaiseException
ExitProcess
TerminateProcess
GetCommandLineA
HeapAlloc
HeapFree
SetStdHandle
GetFileType
GetACP
HeapReAlloc
HeapSize
LCMapStringA
LCMapStringW
GetFileAttributesA
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetStringTypeA
GetStringTypeW
VirtualAlloc
IsBadWritePtr
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalReAlloc
TlsGetValue
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DuplicateHandle
FindNextFileA
FindFirstFileA
FindClose
MulDiv
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFree
WaitForSingleObject
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleFileNameA
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
LocalAlloc
FreeLibrary
lstrcpyA
EnterCriticalSection
lstrcpynA
GetLastError
SetLastError
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
Beep
GetPrivateProfileStringA
GetPrivateProfileIntA
CreateThread
GetVersionExA
DeviceIoControl
GetSystemDirectoryA
CreateFileA
GetFileTime
Module32First
Module32Next
CreateToolhelp32Snapshot
Process32First
Process32Next
FindResourceA
InterlockedExchange
SizeofResource
LoadResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
SetErrorMode
GetCurrentProcessId
InterlockedIncrement
WritePrivateProfileStringA
ReadProcessMemory
VirtualProtect
VirtualProtectEx
WriteProcessMemory
CloseHandle
Sleep
GetPrivateProfileSectionA
GetCurrentProcess
GetVersion
GetModuleHandleA
GetProcAddress
OpenProcess
SetUnhandledExceptionFilter
GetTickCount
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetTickCount
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
LoadLibraryA
LoadLibraryW
FreeLibrary
GetModuleFileNameA
SetLastError
GetModuleHandleA
GetModuleHandleW
GetCurrentThreadId
GetCommandLineA
HeapAlloc
RaiseException
GetLastError
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
InitializeCriticalSectionAndSpinCount
VirtualQuery
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
ScreenToClient
AdjustWindowRectEx
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
ReleaseDC
GetDC
wvsprintfA
TabbedTextOutA
DrawTextA
GrayStringA
CharUpperA
UnregisterClassA
LoadStringA
GetClassNameA
LoadCursorA
GetSysColorBrush
DestroyMenu
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
GetWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenu
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
GetSubMenu
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
CallNextHookEx
ValidateRect
SetWindowsHookExA
SetCursor
PostQuitMessage
wsprintfA
GetLastActivePopup
IsWindowEnabled
SetWindowPos
MoveWindow
GetDlgCtrlID
GetWindowTextLengthA
SetWindowTextA
GetWindowLongA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetParent
GetKeyState
PtInRect
SetFocus
KillTimer
SetTimer
PeekMessageA
WindowFromPoint
InflateRect
EnableWindow
PostThreadMessageA
GetWindowRect
OffsetRect
GetMessageA
TranslateMessage
DispatchMessageA
OpenClipboard
EmptyClipboard
GetMenuItemID
EndDialog
GetMenuItemCount
CallWindowProcA
PostMessageA
GetWindowTextA
IsWindow
SetClipboardData
CloseClipboard
MessageBoxA
SetWindowLongA
ShowWindow
GetClientRect
SetCapture
ReleaseCapture
GetCursorPos
ClientToScreen
ShowCursor
SetCursorPos
ModifyMenuA
DefWindowProcA
MapVirtualKeyA
SendMessageA
keybd_event
ExitWindowsEx
FindWindowExA
GetWindowThreadProcessId
IsWindowVisible
SetForegroundWindow
SetMenuItemBitmaps
MessageBoxW

gdi32

SetWindowExtEx
ScaleWindowExtEx
DeleteObject
ScaleViewportExtEx
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetStockObject
CreateBitmap

comdlg32

GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
InitiateSystemShutdownA
RegSetValueExA

comctl32

ord17
ImageList_Destroy

wininet

InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable
InternetGetLastResponseInfoA

shlwapi

PathFileExistsA

netapi32

Netbios

winmm

PlaySoundA

Exports

Exports

debug_msgbox
debug_showmsg
fuckyou

Sections

.text
Size: 348KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

themida
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tm0
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tm1
Size: 600KB - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tm2
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c984d10f0743ab3aed0a4b61343324ca

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

wininet

shlwapi

netapi32

winmm

Exports

Exports

Sections

.text Size: 348KB - Virtual size: 346KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 28KB - Virtual size: 47KB

themida Size: 4KB - Virtual size: 704B

.rsrc Size: 156KB - Virtual size: 152KB

.tm0 Size: 32KB - Virtual size: 31KB

.tm1 Size: 600KB - Virtual size: 596KB

.tm2 Size: 40KB - Virtual size: 39KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 348KB - Virtual size: 346KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 28KB - Virtual size: 47KB

themida
Size: 4KB - Virtual size: 704B

.rsrc
Size: 156KB - Virtual size: 152KB

.tm0
Size: 32KB - Virtual size: 31KB

.tm1
Size: 600KB - Virtual size: 596KB

.tm2
Size: 40KB - Virtual size: 39KB

.reloc
Size: 24KB - Virtual size: 23KB