5b8194f18f1088d474f8928e8570aa7059883e743b438770da2900e6be26aa13[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

5b8194f18f1088d474f8928e8570aa7059883e743b438770da2900e6be26aa13.zip
Size

2.7MB
MD5

7168c40111d5ac180c6d73cc72b79fa6
SHA1

89d4ce89fab0874c006751718ed3a48a00524865
SHA256

c5c3fb95a7674e17b3d6edf8d5f012de99c968a0b13c42b9af3d67306ee86f2a
SHA512

97fded231ffbb56aff254703c97d9cfa59f8b3646318235af6332bb0438a49966bc16733e55801cfd0dc6873064359d9e3715974ee96ed3eea800597c84c2e0b
SSDEEP

49152:U8eiKeiyp95w+3M5/1Bbbrq/FDwBWzBDLl02vjeyYfihIphXnc3:UhiKei29q+3gBfsuWVldLgfiyphnO

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/5b8194f18f1088d474f8928e8570aa7059883e743b438770da2900e6be26aa13	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5b8194f18f1088d474f8928e8570aa7059883e743b438770da2900e6be26aa13

Files

5b8194f18f1088d474f8928e8570aa7059883e743b438770da2900e6be26aa13.zip
.zip

Password: infected
5b8194f18f1088d474f8928e8570aa7059883e743b438770da2900e6be26aa13
.exe windows:6 windows x64 arch:x64

03b349c1c67616911877fac81da8878c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantClear

kernel32

GetCurrentPackageId
GetSystemTimePreciseAsFileTime
LoadLibraryA
WideCharToMultiByte
Sleep
GetFileAttributesA
GetModuleHandleA
ReadFile
MapViewOfFile
GetFileTime

kernelbase

FlsAlloc
FlsSetValue
InitializeCriticalSectionEx

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetFolderPathA
SHGetFolderPathA

winhttp

WinHttpSendRequest
WinHttpOpen
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpReadData
WinHttpConnect
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpQueryDataAvailable

user32

GetCursorPos

combase

CoCreateInstance

Sections

Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

03b349c1c67616911877fac81da8878c

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

kernel32

kernelbase

advapi32

shell32

winhttp

user32

combase

Sections

Size: 1.6MB - Virtual size: 1.6MB

Size: 288KB - Virtual size: 288KB

Size: 48KB - Virtual size: 48KB

Size: 64KB - Virtual size: 64KB

Size: 4KB - Virtual size: 4KB

Size: 552KB - Virtual size: 552KB

Size: 12KB - Virtual size: 12KB

.idata Size: 4KB - Virtual size: 4KB

.tls Size: 4KB - Virtual size: 4KB

.rsrc Size: 216KB - Virtual size: 216KB

.themida Size: 4.5MB - Virtual size: 4.5MB

.reloc Size: 6KB - Virtual size: 6KB

.idata
Size: 4KB - Virtual size: 4KB

.tls
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 216KB - Virtual size: 216KB

.themida
Size: 4.5MB - Virtual size: 4.5MB

.reloc
Size: 6KB - Virtual size: 6KB