General
Target: unpacked_JsK8geyM.rar
Size: 23.1MB
MD5: 611ade2c54980523303a81fa23aff905
SHA1: d348f32dadf93593bcf55569aa0885aaafe40265
SHA256: b9be27c29c1cbae6dcd7428af53b1026b4b883d2a2cabd82fe4369a31f9ff461
SHA512: 2d1f46b3e077c1ca78c7f9dd2fc26276911dc829b6a4ccd52d8ac849a1433b29132d094d17e439b20cf7f6058581903cfe9210ed75556fc1d48398375f1512e9
SSDEEP: 393216:wXeanKdAPe4B3d80QZjFGmdEWHxVPgwEseNfWFXaIkhwU8o5eN8WPO0kqxrOF:ORnBm10ovgJNf6aRKgh0kTF
Malware Config
Signatures
yara_rule themida - resource: static1/unpack001/unpacked_JsK8geyM.exe
Unsigned PE (1 IoCs) - Checks for missing Authenticode signature. resource: unpack001/unpacked_JsK8geyM.exe
Files
unpacked_JsK8geyM.rar (.rar)
unpacked_JsK8geyM.exe (.exe) windows:6 windows x64 arch:x64
4e8e753585ccc36ceb3b83da0fc4ad95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
CryptGenRandom
RegOpenKeyExA
RegDeleteTreeA
InitiateShutdownA
RegCloseKey
SystemFunction036
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
RegDeleteValueA
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExA
RegSetValueExA
comctl32
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Destroy
comdlg32
GetSaveFileNameW
CommDlgExtendedError
PrintDlgW
GetOpenFileNameW
crypt32
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CertOpenStore
CryptStringToBinaryW
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
gdi32
SaveDC
GetClipBox
SetViewportOrgEx
RestoreDC
CreateBitmap
GetFontUnicodeRanges
EnumFontFamiliesExW
CreateFontW
GetObjectA
GetGlyphIndicesW
CreateSolidBrush
SetLayout
GetStockObject
GetDIBits
GetDeviceCaps
GetObjectW
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
EndDoc
CreateDCW
DeleteDC
DeleteObject
StretchDIBits
EndPage
AddFontMemResourceEx
StartPage
SetMapMode
StartDocW
ScriptPlace
ScriptShape
ScriptFreeCache
ScriptItemize
ScriptBreak
ScriptApplyDigitSubstitution
imm32
ImmGetContext
ImmIsIME
ImmNotifyIME
ImmAssociateContextEx
ImmReleaseContext
ImmGetCompositionStringW
ImmSetCandidateWindow
kernel32
GetFileTime
SetFileTime
CopyFileA
MoveFileA
DeviceIoControl
SetHandleInformation
CreatePipe
WaitForSingleObject
GetExitCodeProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
LoadLibraryW
QueryPerformanceCounter
GetTickCount
SetLastError
FormatMessageW
MoveFileExW
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
SleepConditionVariableCS
TlsSetValue
ReleaseSemaphore
TryAcquireSRWLockExclusive
WakeAllConditionVariable
WakeConditionVariable
InitializeCriticalSection
InitOnceInitialize
ResumeThread
DuplicateHandle
CreateEventW
SetEvent
GetCurrentThread
TlsAlloc
GetNativeSystemInfo
CreateSemaphoreW
TlsGetValue
TlsFree
MulDiv
HeapFree
GetLocaleInfoW
GlobalSize
HeapAlloc
GlobalLock
GetProcessHeap
GlobalUnlock
LoadLibraryExW
GetTempPathA
GetTempFileNameA
CompareStringW
GetSystemDefaultLCID
GetFullPathNameW
GetModuleFileNameW
GetUserDefaultLCID
GetNumberFormatW
GetCurrencyFormatW
GetTimeFormatW
GetComputerNameW
GetDateFormatW
FindFirstFileW
FindNextFileW
FindClose
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
GetCurrentThreadId
SetEnvironmentVariableW
GetConsoleTitleW
SizeofResource
GetTempPathW
GetVersionExW
FreeEnvironmentStringsW
GetSystemInfo
GetCurrentDirectoryW
GetCurrentProcessId
MoveFileExA
GetEnvironmentStringsW
OutputDebugStringW
FormatMessageA
DebugBreak
lstrlenW
LocalAlloc
GlobalAlloc
GlobalFree
LocalSize
GetCPInfo
ExitProcess
GetFileAttributesW
SetEndOfFile
UnmapViewOfFile
FlushViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
SetErrorMode
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
SetFileCompletionNotificationModes
CancelIo
RegisterWaitForSingleObject
UnregisterWait
CancelIoEx
SwitchToThread
SetConsoleCtrlHandler
CreateDirectoryW
GetFileInformationByHandleEx
GetDiskFreeSpaceW
RemoveDirectoryW
ReOpenFile
CreateHardLinkW
GetFileInformationByHandle
SetFilePointerEx
CopyFileW
CreateSymbolicLinkW
FlushFileBuffers
GetConsoleMode
GetLongPathNameW
GetShortPathNameW
ReadDirectoryChangesW
SetNamedPipeHandleState
CreateNamedPipeA
CreateNamedPipeW
QueueUserWorkItem
CancelSynchronousIo
GetNamedPipeHandleStateW
WaitNamedPipeW
ConnectNamedPipe
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
GetConsoleCursorInfo
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
ReadConsoleW
ResetEvent
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
SetConsoleCursorPosition
SetInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
UnregisterWaitEx
LCMapStringW
CreateProcessW
VirtualFree
VirtualAlloc
lstrcmpW
SetThreadPriority
HeapReAlloc
CreateThread
GetStartupInfoW
GetThreadPriority
LockResource
IsProcessorFeaturePresent
SleepConditionVariableSRW
AreFileApisANSI
SetFileAttributesW
GetFileAttributesExW
FindFirstFileExW
GetLocaleInfoEx
LoadResource
LocalFree
GetModuleHandleA
GetModuleFileNameA
CreateProcessA
GetCommandLineW
FreeConsole
AllocConsole
WideCharToMultiByte
Sleep
TerminateProcess
GetCurrentProcess
CloseHandle
WriteFile
SetFilePointer
ReadFile
CreateFileA
LoadLibraryA
DeleteFileA
MultiByteToWideChar
GetSystemTimeAsFileTime
FindResourceW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
DecodePointer
GetLogicalDrives
GetExitCodeThread
RtlPcToFileHeader
RaiseException
EncodePointer
LCMapStringEx
CompareStringEx
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
RtlUnwindEx
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
HeapSize
SetStdHandle
GetConsoleOutputCP
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
IsValidLocale
EnumSystemLocalesW
DeleteFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentVariableW
GetCommandLineA
oleacc
LresultFromObject
AccessibleObjectFromWindow
oleaut32
SysAllocStringLen
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreateVector
SysFreeString
shell32
SHGetImageList
SHCreateStdEnumFmtEtc
ShellExecuteW
SHBrowseForFolderA
DragQueryFileW
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteA
CommandLineToArgvW
SHGetMalloc
SHGetPathFromIDListA
SHGetFileInfoW
shlwapi
PathFileExistsW
PathFileExistsA
SHDeleteKeyA
PathIsRelativeW
user32
PostThreadMessageW
GetQueueStatus
RegisterClipboardFormatW
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
UpdateLayeredWindow
SetCaretPos
CreateCaret
GetKeyboardLayout
FindWindowW
DestroyCaret
GetIconInfo
CreateIconIndirect
DrawIconEx
GetMenu
GetMenuItemCount
SetMenu
InsertMenuW
RemoveMenu
CreateMenu
MessageBoxW
SetActiveWindow
DestroyCursor
MessageBeep
GetDoubleClickTime
SetScrollInfo
GetMessageW
DeferWindowPos
AdjustWindowRectEx
UnregisterHotKey
GetMessageExtraInfo
MessageBoxA
MapVirtualKeyW
MonitorFromPoint
GetWindow
GetFocus
ScreenToClient
CallNextHookEx
SetWindowTextW
NotifyWinEvent
GetScrollInfo
RegisterClassExW
GetActiveWindow
SetClassLongW
BeginDeferWindowPos
GetAsyncKeyState
GetCapture
ClientToScreen
IsChild
SetProcessDPIAware
GetWindowLongW
OpenClipboard
GetSysColor
GetDC
SystemParametersInfoW
PostQuitMessage
EnumDisplayDevicesW
TranslateMessage
CallMsgFilterW
PeekMessageW
GetMonitorInfoW
DispatchMessageW
MsgWaitForMultipleObjects
GetSystemMetrics
EnumDisplayMonitors
MonitorFromWindow
RegisterHotKey
UnhookWindowsHookEx
GetMessageTime
IsRectEmpty
SetFocus
LoadIconW
SetCapture
EndDeferWindowPos
EnumThreadWindows
SetWindowsHookExW
SetCursor
FlashWindowEx
SetWindowLongW
IsZoomed
GetClassLongW
KillTimer
IsWindowUnicode
RegisterClipboardFormatW
IsIconic
GetWindowTextW
GetWindowThreadProcessId
DefWindowProcW
GetWindowRect
DestroyWindow
IsWindowVisible
SetWindowPos
SetWindowLongPtrW
CreateWindowExW
SendMessageW
UnregisterClassW
GetWindowLongPtrW
WindowFromPoint
GetWindowPlacement
ShowWindow
IsWindow
SetTimer
RegisterClassW
MapWindowPoints
GetForegroundWindow
IsWindowEnabled
MoveWindow
SetParent
AnimateWindow
CloseClipboard
EmptyClipboard
CountClipboardFormats
ReleaseDC
EnumClipboardFormats
GetKeyState
LoadCursorW
DestroyCursor
LoadCursorFromFileA
EnableWindow
EndPaint
BeginPaint
GetCursorPos
InvalidateRect
SetForegroundWindow
ReleaseCapture
UpdateWindow
GetParent
GetDesktopWindow
GetClientRect
PostMessageW
userenv
GetUserProfileDirectoryW
wininet
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetOpenA
HttpQueryInfoW
InternetSetOptionW
InternetErrorDlg
InternetReadFile
InternetQueryOptionW
HttpQueryInfoA
HttpOpenRequestA
winmm
timeBeginPeriod
timeGetTime
timeEndPeriod
timeKillEvent
timeSetEvent
winspool.drv
GetDefaultPrinterW
ws2_32
ioctlsocket
htons
getsockopt
getsockname
getpeername
connect
bind
sendto
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
FreeAddrInfoW
GetAddrInfoW
htonl
WSASend
shutdown
WSASocketW
WSASendTo
WSARecv
WSARecvFrom
recvfrom
FreeAddrInfoW
getaddrinfo
listen
htonl
accept
select
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
gethostname
__WSAFDIsSet
WSACleanup
WSAStartup
inet_pton
WSAIoctl
socket
WSASetLastError
recv
htons
setsockopt
gdiplus
GdipSetImageAttributesColorMatrix
GdipGetImageHeight
GdipSetPathGradientPresetBlend
GdipMultiplyLineTransform
GdipAddPathLine
GdipGetFontSize
GdipDeleteFont
GdipGetCellAscent
GdipCreateFontFromDC
GdipGetLineSpacing
GdipGetEmHeight
GdipCreateFontFromLogfontA
GdipGetFamily
GdipDeleteFontFamily
GdiplusShutdown
GdiplusStartup
GdipAddPathRectangleI
GdipCreateBitmapFromGraphics
GdipCreateHBITMAPFromBitmap
GdipDrawDriverString
GdipAddPathArcI
GdipDrawPie
GdipFillRectangleI
GdipAddPathArc
GdipCreatePen2
GdipDeleteGraphics
GdipClonePath
GdipSaveGraphics
GdipDrawImageRectRect
GdipDrawArc
GdipStartPathFigure
GdipGetImageWidth
GdipSetLineWrapMode
GdipSetLineTransform
GdipSetClipRect
GdipSetPathGradientCenterPoint
GdipFillRectanglesI
GdipCloneImage
GdipSetPenStartCap
GdipTranslateWorldTransform
GdipDeletePen
GdipCreateBitmapFromScan0
GdipSetPathFillMode
GdipCreatePen1
GdipDeleteMatrix
GdipBitmapUnlockBits
GdipDeleteBrush
GdipIsVisiblePathPoint
GdipRotateMatrix
GdipScaleMatrix
GdipAlloc
GdipCreateMatrix2
GdipAddPathBezier
GdipDisposeImageAttributes
GdipDeletePath
GdipCreatePathGradientFromPath
GdipCreateMatrix
GdipDisposeImage
GdipSetSmoothingMode
GdipEndContainer
GdipSetWorldTransform
GdipGetWorldTransform
GdipSetClipPath
GdipCreateLineBrush
GdipCreatePath
GdipSetPenMiterLimit
GdipSetLinePresetBlend
GdipSetInterpolationMode
GdipSetPathGradientWrapMode
GdipCreateSolidFill
GdipResetPath
GdipFillPie
GdipShearMatrix
GdipFillPath
GdipGetPathWorldBounds
GdipGetImageGraphicsContext
GdipMultiplyWorldTransform
GdipGraphicsClear
GdipSetPenDashStyle
GdipCreateFromHWND
GdipDrawLine
GdipAddPathLineI
GdipDrawRectangle
GdipSetPixelOffsetMode
GdipFillRectangle
GdipAddPathEllipse
GdipSetPageUnit
GdipSetClipRectI
GdipClosePathFigure
GdipTransformPoints
GdipGetSmoothingMode
GdipCreateImageAttributes
GdipFree
GdipSetCompositingQuality
GdipDrawPath
GdipTranslateMatrix
GdipBitmapLockBits
GdipSetPenLineJoin
GdipGetClipBoundsI
GdipCreateFromHDC
GdipFillEllipse
GdipSetPenEndCap
GdipBeginContainer2
GdipCreateTexture
GdipGetMatrixElements
GdipGetBrushType
GdipSetTextRenderingHint
GdipDrawEllipse
GdipGetSolidFillColor
GdipRestoreGraphics
GdipCloneBrush
GdipDrawImageI
GdipSetPenDashOffset
GdipSetPenDashArray
ole32
CoTaskMemFree
OleInitialize
CoCreateGuid
OleUninitialize
ReleaseStgMedium
CoCreateInstance
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
CoInitialize
CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
DoDragDrop
StringFromCLSID
Sections
.text Size: 7.8MB - Virtual size: 7.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 162KB - Virtual size: 2.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 260KB - Virtual size: 260KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 98KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 1024B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: 15.6MB - Virtual size: 15.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 10.0MB - Virtual size: 10.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
.SCY Size: 18KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE