Styx[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Styx.zip
Size

4.3MB
MD5

46cdfa42a63b36e0c1fcf17ede4d4b6e
SHA1

5720226a7677841104cb63bc10406105b4b0bb56
SHA256

1e4fab464f298a1893ef851f9abb0434a79c1b8b47dbbb86020b45658f43cb29
SHA512

f21cf44060b2f9c91679bb0498ff9650b4dcbb6c1155c0674bbac83f9db0a7275750fc9d431084d075e813a2672099aa6f6c22d10b42ee0fb6759753430ee06a
SSDEEP

49152:FKpWEPCeUn9jEqd5poVV7FX9BQXYjuzlMwxOe/4KMjytGXimD8sejeTnxRS5boEh:UfPQ9jE04PFX9HjuzeywaTbrotedkO

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack002/Styx Client Latest.dll	themida

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Styx Client Latest.dll
unpack002/Styx Old.dll

Files

Styx.zip
.zip
Styx.rar
.rar
Styx Client Latest.dll
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

Size: 342KB - Virtual size: 723KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 405KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 782B - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 267B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
Styx Old.dll
.dll windows:6 windows x64 arch:x64

2448bc5d377a8bcafaea9c134039b45d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\zuken\OneDrive\Bureau\slinky old(source)\minion\minion\x64\Release\minion.pdb

Imports

opengl32

glPushAttrib
glOrtho
glPixelStorei
glShadeModel
glPushMatrix
glDisable
glDrawElements
glTexEnvi
glColorPointer
glTexImage2D
glGetTexEnviv
glTexCoordPointer
glDeleteTextures
glTexParameteri
glLoadIdentity
glBlendFunc
glMatrixMode
glDisableClientState
glScissor
glEnable
glVertexPointer
glGenTextures
glBindTexture
glPolygonMode
glPopAttrib
glEnableClientState
glViewport
glPopMatrix
glGetIntegerv

kernel32

InitOnceBeginInitialize
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitOnceComplete
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
OpenThread
SetThreadContext
FlushInstructionCache
RtlCaptureContext
TerminateProcess
InitializeSListHead
GetModuleHandleA
Sleep
GetProcAddress
CreateThread
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
FreeLibrary
QueryPerformanceCounter
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
GetCurrentProcessId
CloseHandle
HeapAlloc
HeapDestroy
GetThreadContext
HeapReAlloc

user32

ScreenToClient
ClientToScreen
GetKeyboardLayout
LoadCursorW
SetCursor
GetClientRect
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetMessageW
PostMessageW
CallNextHookEx
SetWindowLongPtrA
GetForegroundWindow
GetAsyncKeyState
FindWindowW
GetKeyState
GetWindowRect
CallWindowProcA
FindWindowA
SetWindowsHookExW
TranslateMessage
UnhookWindowsHookEx
DispatchMessageW

msvcp140

?good@ios_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
_Xtime_get_ticks
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Random_device@std@@YAIXZ
_Thrd_sleep
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_counter

imm32

ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext
ImmReleaseContext

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strstr
__std_exception_copy
__std_type_info_destroy_list
memset
_CxxThrowException
__C_specific_handler
__std_exception_destroy
memmove
memcpy
memcmp
memchr
__std_terminate

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_seh_filter_dll
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
abort

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__acrt_iob_func
__stdio_common_vsscanf
fflush
fclose
_wfopen
fwrite
fseek
fread
__stdio_common_vfprintf
ftell

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strcmp
strncmp
strncpy

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

atan2
atan2f
ceilf
cosf
acosf
pow
powf
sinf
sqrt
sqrtf
fmodf

Sections

.text
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

Size: 342KB - Virtual size: 723KB

Size: 405KB - Virtual size: 2.6MB

Size: 782B - Virtual size: 41KB

Size: 16KB - Virtual size: 28KB

Size: 267B - Virtual size: 480B

Size: 1KB - Virtual size: 5KB

.imports Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 5.9MB

.boot Size: 3.4MB - Virtual size: 3.4MB

.reloc Size: 16B - Virtual size: 4KB

2448bc5d377a8bcafaea9c134039b45d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

kernel32

user32

msvcp140

imm32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 315KB - Virtual size: 315KB

.rdata Size: 59KB - Virtual size: 59KB

.data Size: 1KB - Virtual size: 7KB

.pdata Size: 13KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 1024B - Virtual size: 608B

.imports
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 5.9MB

.boot
Size: 3.4MB - Virtual size: 3.4MB

.reloc
Size: 16B - Virtual size: 4KB

.text
Size: 315KB - Virtual size: 315KB

.rdata
Size: 59KB - Virtual size: 59KB

.data
Size: 1KB - Virtual size: 7KB

.pdata
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 1024B - Virtual size: 608B