Setup-pass-2024[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Setup-pass-2024.zip
Size

219.9MB
MD5

7b41e85fac39eb92d30c649aae6c0fe4
SHA1

d380e6217d1a20da9f53bc49ceb3f5d449e535e0
SHA256

3cc8279e73218a0a802158fcdfbb1b280992b24a19ec73aff7603538007f6d6d
SHA512

59be7c8aa17277b51fd9b10e1c1a350ddd2eccadf9c061610c18763cc5813e709ecfac2537c20d007ce2acfa6541f4fbd5ebd32d7c5131fa46ef110d504c25de
SSDEEP

6291456:rZEHhzh7kLczPyM3dqPJC8r7UOZ3EBJBHxKxb1s:9gCyqPJCiUO5ExRKxba

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/Setup-pass-2024/Setup.exe	themida

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup-pass-2024/Engine.dll
unpack001/Setup-pass-2024/Setup.exe
unpack001/Setup-pass-2024/data0.bin

Files

Setup-pass-2024.zip
.zip

Password: infected
Setup-pass-2024/Engine.dll
.dll windows:10 windows x86 arch:x86

36f8d9de1f40b0b25d61ecca3a798822

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

rasppp.pdb

Imports

msvcrt

memcpy
_except_handler4_common
memcmp
_initterm
malloc
free
_amsg_exit
_XcptFilter
atol
_ltoa
wcschr
atoi
memcpy_s
mbstowcs
strtok
isdigit
_stricmp
_vsnprintf
iswctype
_vsnwprintf
strstr
rand
time
srand
_itoa_s
wcsstr
_wcslwr
strchr
_wcsicmp
_strnicmp
memset

ntdll

RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
RtlIpv6StringToAddressA
RtlTimeToSecondsSince1970
RtlLocalTimeToSystemTime
RtlTimeFieldsToTime
RtlGetVersion
RtlGetNtProductType
RtlNtStatusToDosError
RtlQueueWorkItem
RtlInitUnicodeString

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapDestroy
HeapAlloc
HeapReAlloc
HeapCreate
HeapFree

api-ms-win-core-heap-l2-1-0

LocalReAlloc
LocalFree
LocalAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
CreateEventA
WaitForSingleObject
LeaveCriticalSection
DeleteCriticalSection
ResetEvent
InitializeCriticalSection
SetEvent
EnterCriticalSection

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventWriteTransfer

api-ms-win-core-registry-l1-1-0

RegQueryValueExA
RegEnumKeyExA
RegQueryValueExW
RegCloseKey
RegNotifyChangeKeyValue
RegQueryInfoKeyA
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExA

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
LoadLibraryExA
DisableThreadLibraryCalls

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-processthreads-l1-1-0

ExitThread
TerminateProcess
GetCurrentThreadId
CreateThread
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount
GetWindowsDirectoryA

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

dsrole

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep

ws2_32

htonl
ntohl
inet_addr

rpcrt4

UuidCreate

netutils

NetApiBufferFree

wkscli

NetWkstaTransportEnum

crypt32

CryptProtectData
CryptUnprotectData

dnsapi

DnsSetConfigDword

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameA

api-ms-win-core-registry-l2-1-0

RegCreateKeyW
RegOpenKeyA

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA
lstrlenW

cryptsp

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA

rasapi32

RasSetEapUserDataAEx

rtutils

TraceDeregisterExA
TraceDeregisterA
LogEventW
TraceVprintfExA
RouterLogEventA
RouterLogEventStringA
RouterLogDeregisterA
RouterLogEventW
RouterLogRegisterA
TraceRegisterExA

eappcfg

EapHostPeerGetMethods
EapHostPeerQueryUIBlobFromInteractiveUIInputFields
EapHostPeerQueryUserBlobFromCredentialInputFields
EapHostPeerFreeErrorMemory
EapHostPeerQueryInteractiveUIInputFields
EapHostPeerFreeMemory

eappprxy

EapHostPeerBeginSession
EapHostPeerFreeEapError
EapHostPeerEndSession
EapHostPeerProcessReceivedPacket
EapHostPeerSetUIContext
EapHostPeerSetResponseAttributes
EapHostPeerGetSendPacket
EapHostPeerGetUIContext
EapHostPeerGetResponseAttributes
EapHostPeerClearConnection
EapHostPeerGetResult

rasman

RasPortSend
RasGetBuffer
RasInitializeNoWait
RasBundleGetPort
RasPortGetStatisticsEx
RasDeAllocateRoute
RasPortGetBundle
RasSendProtocolResultToRasman
RasGetPortUserData
RasPortSetFramingEx
RasGetFramingCapabilities
RasSetConnectionUserData
RasActivateRoute
RasPortGetProtocolCompression
RasGetTimeSinceLastActivity
RasCompressionGetInfo
RasGetInfo
RasPortCancelReceive
RasPortSetProtocolCompression
RasFreeBuffer
RasGetConnectInfo
RasAllocateRoute
RasAllocInterfaceLuidIndex
RasUpdateDefaultRouteSettings
RasPortBundle
RasSetEapInfo
RasPortConnectComplete
RasPortDisconnect
RasPortClose
RasProtocolStart
RasPortSetFraming
RasCompressionSetInfo
RasFreeInterfaceLuidIndex
RasProtocolStarted

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

iphlpapi

GetAdaptersInfo
GetPerAdapterInfo
GetIpForwardTable
DeleteIpForwardEntry
SetIpForwardEntry
ConvertInterfaceLuidToIndex
ConvertInterfaceIndexToLuid
GetIpAddrTable
GetCurrentThreadCompartmentId
ConvertIpv4MaskToLength
SetCurrentThreadCompartmentId

api-ms-win-security-lsapolicy-l1-1-0

LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LsaFreeMemory

nsi

NsiGetParameterEx
NsiGetParameter
NsiSetAllParametersEx
NsiGetAllParametersEx

dhcpcsvc

DhcpRequestParams

Exports

Exports

InitializeProtocolEngine
InitializeServerProtocolEngine
PppStop
RasCpEnumProtocolIds
RasCpGetInfo
SendMessageToProtocolEngine
UninitializeProtocolEngine
UninitializeServerProtocolEngine

Sections

.text
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup-pass-2024/Setup.exe
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 382KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 59KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 67KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
Setup-pass-2024/Setup.ini
Setup-pass-2024/SxsMigPlugin.dll
Setup-pass-2024/addins/FXSEXT.ecf
Setup-pass-2024/bcastdvr/KnownGameList.bin
Setup-pass-2024/bcastdvr/broadcastpause720.h264
Setup-pass-2024/data0.bin
.exe windows:5 windows x86 arch:x86

75e9596d74d063246ba6f3ac7c5369a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
InterlockedDecrement
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetTimeFormatW
GetDateFormatW
LocalFree
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
DecodePointer
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapReAlloc
HeapAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipFree

Sections

.text
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup-pass-2024/sxs.dll

Sharing

General

Malware Config

Signatures

Files

Password: infected

36f8d9de1f40b0b25d61ecca3a798822

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-heap-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-2-1

dsrole

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

ws2_32

rpcrt4

netutils

wkscli

crypt32

dnsapi

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-string-obsolete-l1-1-0

cryptsp

rasapi32

rtutils

eappcfg

eappprxy

rasman

api-ms-win-eventing-classicprovider-l1-1-0

iphlpapi

api-ms-win-security-lsapolicy-l1-1-0

nsi

dhcpcsvc

Exports

Exports

Sections

.text Size: 252KB - Virtual size: 251KB

.data Size: 512B - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 15KB - Virtual size: 14KB

Headers

DLL Characteristics

File Characteristics

Sections

Size: 382KB - Virtual size: 716KB

Size: 59KB - Virtual size: 208KB

Size: 1024B - Virtual size: 36KB

Size: 16KB - Virtual size: 27KB

Size: 67KB - Virtual size: 88KB

Size: 2KB - Virtual size: 2KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 28KB - Virtual size: 28KB

.themida Size: - Virtual size: 7.0MB

.boot Size: 4.8MB - Virtual size: 4.8MB

.reloc Size: 16B - Virtual size: 4KB

75e9596d74d063246ba6f3ac7c5369a0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

.text
Size: 252KB - Virtual size: 251KB

.data
Size: 512B - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 15KB - Virtual size: 14KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 28KB - Virtual size: 28KB

.themida
Size: - Virtual size: 7.0MB

.boot
Size: 4.8MB - Virtual size: 4.8MB

.reloc
Size: 16B - Virtual size: 4KB

.text
Size: 209KB - Virtual size: 209KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 4KB - Virtual size: 145KB

.didat
Size: 512B - Virtual size: 420B

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 9KB - Virtual size: 9KB