ORBIT_LOADER[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ORBIT_LOADER.exe
Size

25.0MB
MD5

79d069f46653f923b6638f316ed4fb1c
SHA1

31e2f246aeb56a4d728d57d245a0a0313e81b45f
SHA256

984c1aea54604f6caa48dcad0135857515fcbce58e925b746a0d6ff83b962506
SHA512

03b877f4b5d3186580e02287fc1ba78c45efa2150e74ffc588f3dc8964dedbfe6396976ab8cab7f9b0e82fd54c4b50fe7325cf6ec8342ce7cbc9207144ac30a8
SSDEEP

393216:a6QU2iIDWGf5N/DFzAlx0lNCQq9fkEsTW0VOEBVQCx2A1LCP+rA6vI4RC:sdRzcaNBq9kEsWUhPJ0AZ8+rHo

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ORBIT_LOADER.exe

Files

ORBIT_LOADER.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

?mGetExportedFunctionOffset@mProcessFunctions@@YAKAEBQEAUHINSTANCE__@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?mGetHandle@mProcessFunctions@@YAPEAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4ProcessAccess@1@@Z
?mGetModuleAddress@mProcessFunctions@@YA_KAEBQEAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?mGetModuleAddress@mProcessFunctions@@YA_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?mGetModuleBitness@mProcessFunctions@@YA?AW4Bitness@1@AEBQEAUHINSTANCE__@@@Z
?mGetModuleHandle@mProcessFunctions@@YAPEAUHINSTANCE__@@AEBQEAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?mGetModuleHandle@mProcessFunctions@@YAPEAUHINSTANCE__@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?mGetPID@mProcessFunctions@@YAKAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?mGetPatternAddress@mMemoryFunctions@@YAKPEBD0AEBQEAXQEAUHINSTANCE__@@@Z
?mInjectDLL@mMemoryFunctions@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?mReadMemory@mMemoryFunctions@@YAPEBXAEBQEAXAEB_K1@Z
?mReadMemory@mMemoryFunctions@@YAPEBXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEB_K1@Z
?mValidateHandle@mProcessFunctions@@YA_NAEAPEAX@Z
?mWriteMemory@mMemoryFunctions@@YA_NAEBQEAXAEB_KAEBQEBX1@Z
?mWriteMemory@mMemoryFunctions@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEB_KAEBQEBX1@Z

Sections

Size: 244KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 41KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 275B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1012B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.exports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 40.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 24.7MB - Virtual size: 24.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 244KB - Virtual size: 513KB

Size: 41KB - Virtual size: 115KB

Size: 512B - Virtual size: 6KB

Size: 11KB - Virtual size: 19KB

Size: 275B - Virtual size: 488B

Size: 1012B - Virtual size: 1KB

.exports Size: 2KB - Virtual size: 4KB

.imports Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 40.2MB

.boot Size: 24.7MB - Virtual size: 24.7MB

.reloc Size: 16B - Virtual size: 4KB

.exports
Size: 2KB - Virtual size: 4KB

.imports
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 40.2MB

.boot
Size: 24.7MB - Virtual size: 24.7MB

.reloc
Size: 16B - Virtual size: 4KB