Loader_protected[.]vmp[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Loader_protected.vmp.exe
Size

9.1MB
MD5

784bfae4c47e8e670b92af01b2de7ea9
SHA1

3754f60496a7446fedfbb73f13983cbec7eb3dc1
SHA256

434ef6132fad04f6fe8619f30995882b9dc8105700051de58a20b0a643ab0b94
SHA512

0ee3def5f6b24ed510c2d13415f30dc97e1ef4d8d06c65a61b1e86e4b3dd08c32bbf079ff0a2e9787f0e2000a43b72d634576eb7d2c397e7f19b50f04489175c
SSDEEP

196608:g02+BbDd3s8RoCF6yVlN0zRxsWXCu3m8fA2UtysA2Nd7hcmB2k:giB3F6yi/yu3m8ojts2f7D

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Loader_protected.vmp.exe

Files

Loader_protected.vmp.exe
.exe windows:5 windows x86 arch:x86

09e080c3c89f0993896eec5735ddc1de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
LoadLibraryW
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

mscoree

_CorExeMain

user32

MessageBoxW
CharUpperBuffW

Sections

Size: 34KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 17B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09e080c3c89f0993896eec5735ddc1de

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mscoree

user32

Sections

Size: 34KB - Virtual size: 64KB

Size: 63KB - Virtual size: 63KB

Size: 5.4MB - Virtual size: 5.4MB

Size: 1KB - Virtual size: 4KB

Size: 17B - Virtual size: 16B

Size: 15B - Virtual size: 12B

.imports Size: 512B - Virtual size: 8KB

.vmp0 Size: 4KB - Virtual size: 8KB

.themida Size: - Virtual size: 5.3MB

.boot Size: 3.1MB - Virtual size: 3.1MB

.taggant Size: 8KB - Virtual size: 8KB

.vmp1 Size: 382KB - Virtual size: 382KB

.vmp2 Size: 63KB - Virtual size: 63KB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 4KB

.imports
Size: 512B - Virtual size: 8KB

.vmp0
Size: 4KB - Virtual size: 8KB

.themida
Size: - Virtual size: 5.3MB

.boot
Size: 3.1MB - Virtual size: 3.1MB

.taggant
Size: 8KB - Virtual size: 8KB

.vmp1
Size: 382KB - Virtual size: 382KB

.vmp2
Size: 63KB - Virtual size: 63KB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 4KB