version-1[.]5[.]2[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

version-1.5.2.rar
Size

8.0MB
MD5

c022455a9492a69ceb283503807eac64
SHA1

e78e38e6ba8c3a2c624945adf6def7818253df39
SHA256

554dccab9f56a55419ff755ac0de0927d591e74ce17a4ff8eb20cd718c988c81
SHA512

7d986109667028922a29e7beee0894ca5b2d7782eb2cd360c8466f2335b0e0d34470b218199bc267530ab133afe01a4326d329ea32c01d3778c26c39a98bd0f4
SSDEEP

196608:s3CKxKHs0ePdJkpW7zN8QCjgVQrPWTU+f1IabA5d:6hHTWp0CsVcsvIaM5d

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/version-1.5.2/turn off av, run on web version.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/version-1.5.2/turn off av, run on web version.exe

Files

version-1.5.2.rar
.rar
version-1.5.2/silence.json
version-1.5.2/turn off av, run on web version.exe
.exe windows:6 windows x64 arch:x64

8d9f8ef606453d4aeba5fcf4688ae739

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReadFile
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetCursorPos
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

gdi32

CreateSolidBrush

advapi32

CryptDestroyKey

shell32

ShellExecuteA

msvcp140

?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ

ntdll

NtQuerySystemInformation

dbghelp

ImageNtHeader

d3d11

D3D11CreateDeviceAndSwapChain

imm32

ImmReleaseContext

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

shlwapi

PathFindFileNameW

rpcrt4

UuidToStringA

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

exit

api-ms-win-crt-stdio-l1-1-0

fsetpos

api-ms-win-crt-heap-l1-1-0

calloc

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-math-l1-1-0

roundf

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-filesystem-l1-1-0

_unlink

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-environment-l1-1-0

getenv

ws2_32

ntohl

normaliz

IdnToAscii

crypt32

CertCloseStore

wldap32

ord60

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 970KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d9f8ef606453d4aeba5fcf4688ae739

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcp140

ntdll

dbghelp

d3d11

imm32

d3dcompiler_43

dwmapi

shlwapi

rpcrt4

psapi

userenv

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

ws2_32

normaliz

crypt32

wldap32

wtsapi32

Sections

.text Size: - Virtual size: 970KB

.rdata Size: - Virtual size: 214KB

.data Size: - Virtual size: 8KB

.pdata Size: - Virtual size: 37KB

.themida Size: - Virtual size: 6.2MB

.themida Size: 8.4MB - Virtual size: 8.4MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 970KB

.rdata
Size: - Virtual size: 214KB

.data
Size: - Virtual size: 8KB

.pdata
Size: - Virtual size: 37KB

.themida
Size: - Virtual size: 6.2MB

.themida
Size: 8.4MB - Virtual size: 8.4MB

.rsrc
Size: 512B - Virtual size: 480B