unpacked_Injector[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

unpacked_Injector.exe
Size

9.3MB
MD5

54a6059096e8c1cc37133a2cd7c686b1
SHA1

6a32c0a8f666a72e1cd5ee9a4ad7530238f779ff
SHA256

9a758cdeb3a4e92d2351b000a8fa64d228c385dc00c3a09e87b1d42d6e2848bb
SHA512

e0de3c8259658958687aa2764d3b53a12e21f102f5e3e3838fd8801dcbef60a9106aaf1f7f64bf14caec07a99ca30e23a2bd8cee78051a1e71e3ccb526a494c8
SSDEEP

98304:UGqVjG4WIT26HcoNgpwBive4n/MnJrJ4DohYWVTJNkIZZ2R6vsmA+FDq:UHVTa68ppwoW4n/MlJ42DVtS4EHmA+U

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpacked_Injector.exe

Files

unpacked_Injector.exe
.exe windows:6 windows x64 arch:x64

08ae9450672f6a5b908c4cf9665944e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegEnumValueW
RegOpenKeyW

kernel32

Sleep
VirtualProtectEx
ReadProcessMemory
CreateFileW
CreateFileMappingW
MapViewOfFile
CloseHandle
GetModuleHandleW
GetProcAddress
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetWindowsDirectoryW
GetCurrentDirectoryW
WriteProcessMemory
CreateToolhelp32Snapshot
Module32FirstW
Process32FirstW
Process32NextW
OpenProcess
GetCommandLineW
MultiByteToWideChar
QueryFullProcessImageNameW
GetModuleFileNameW
GetFileAttributesW
GetCurrentProcess
lstrlenW
GetLastError
QueryPerformanceCounter
GetEnvironmentVariableW
GetSystemTimeAsFileTime
GetLocaleInfoEx
FormatMessageA
LocalFree
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetCurrentProcessId
GetCurrentThreadId

msvcp140

?_Syserror_map@std@@YAPEBDH@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z

shell32

CommandLineToArgvW

vcruntime140

_CxxThrowException
__C_specific_handler
wcsrchr
__std_exception_destroy
__current_exception_context
__current_exception
__std_terminate
memchr
memcpy
memcpy
memset
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

ucrtbase

atoi
wcstoul
_set_new_mode
free
malloc
_callnewh
_configthreadlocale
__setusermatherr
ceilf
terminate
_errno
_invalid_parameter_noinfo_noreturn
exit
_c_exit
_Exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
__p__commode
_set_fmode
_wcsicmp
wcstok_s
towlower

Sections

.text
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 18KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.SCY
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

08ae9450672f6a5b908c4cf9665944e4

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcp140

shell32

vcruntime140

vcruntime140_1

ucrtbase

Sections

.text Size: 89KB - Virtual size: 92KB

Size: 2KB - Virtual size: 4KB

Size: 18KB - Virtual size: 24KB

Size: 1024B - Virtual size: 4KB

Size: 4KB - Virtual size: 8KB

Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: 5.9MB - Virtual size: 5.9MB

.boot Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 512B - Virtual size: 4KB

.SCY Size: 3KB - Virtual size: 4KB

.text
Size: 89KB - Virtual size: 92KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: 5.9MB - Virtual size: 5.9MB

.boot
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 512B - Virtual size: 4KB

.SCY
Size: 3KB - Virtual size: 4KB