Artrial_Loader[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Artrial_Loader.exe
Size

25.5MB
MD5

4a830d947dae36a5c175796a546bd445
SHA1

92678489db25ecb4b3a70839275a9f21fc94f741
SHA256

630a81998ca817e074d3b939000f59ff8ccb0587bd54512e841724ccf3697cfb
SHA512

26d423cc9d010b730002572097aa4ebd24693365546f57223333faf37c2a82df1d9c276f650f96ec147bde571fed7d3f33c3f7b90b01e3df1d4da99849dfa0bf
SSDEEP

393216:hSUYu/FcVYPp/EabS5rwA3IjF9M5FNiwkho2KvhKij3j0hXbSIdwhr:hSUYu/yYZO5rwA3Ij8Xwho2EpPASR

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Artrial_Loader.exe

Files

Artrial_Loader.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

?mGetExportedFunctionOffset@mProcessFunctions@@YAKAEBQEAUHINSTANCE__@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?mGetHandle@mProcessFunctions@@YAPEAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4ProcessAccess@1@@Z
?mGetModuleAddress@mProcessFunctions@@YA_KAEBQEAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?mGetModuleAddress@mProcessFunctions@@YA_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?mGetModuleBitness@mProcessFunctions@@YA?AW4Bitness@1@AEBQEAUHINSTANCE__@@@Z
?mGetModuleHandle@mProcessFunctions@@YAPEAUHINSTANCE__@@AEBQEAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?mGetModuleHandle@mProcessFunctions@@YAPEAUHINSTANCE__@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?mGetPID@mProcessFunctions@@YAKAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?mGetPatternAddress@mMemoryFunctions@@YAKPEBD0AEBQEAXQEAUHINSTANCE__@@@Z
?mInjectDLL@mMemoryFunctions@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?mReadMemory@mMemoryFunctions@@YAPEBXAEBQEAXAEB_K1@Z
?mReadMemory@mMemoryFunctions@@YAPEBXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEB_K1@Z
?mValidateHandle@mProcessFunctions@@YA_NAEAPEAX@Z
?mWriteMemory@mMemoryFunctions@@YA_NAEBQEAXAEB_KAEBQEBX1@Z
?mWriteMemory@mMemoryFunctions@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEB_KAEBQEBX1@Z

Sections

Size: 244KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 41KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 514B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 275B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.exports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 41.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 25.2MB - Virtual size: 25.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 244KB - Virtual size: 513KB

Size: 41KB - Virtual size: 115KB

Size: 514B - Virtual size: 6KB

Size: 11KB - Virtual size: 19KB

Size: 275B - Virtual size: 488B

Size: 1024B - Virtual size: 1KB

.exports Size: 2KB - Virtual size: 4KB

.imports Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 41.0MB

.boot Size: 25.2MB - Virtual size: 25.2MB

.reloc Size: 16B - Virtual size: 4KB

.exports
Size: 2KB - Virtual size: 4KB

.imports
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 41.0MB

.boot
Size: 25.2MB - Virtual size: 25.2MB

.reloc
Size: 16B - Virtual size: 4KB