FunCheker[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

FunCheker.rar
Size

26.6MB
MD5

0ab344026d4bd7a3d18167aa7e68ad4f
SHA1

31d8107ee0e72d6a8d163fb7ecf9edb79f3aacbc
SHA256

9bb8815875acf5a14f4060efdc63215850799a4c21cd5c805d2859fbe4e8e9d3
SHA512

e034b813e84d6449443bb7f0ab30be524432185d05f8322edc5557dc5f5bd8739d8be1f6e358874f5b3fd0d339e70a2f56421e09d07a46d6f24049dea80e3f56
SSDEEP

393216:S+eSklAUIVclN4qr+6XWK4Rp5Yh/8HI19VBxYB2oYnBcqxLGKnN8afdoJ9IT:d9ZUIVcxqK4RCEcVBxsYn3x9NdoJ9U

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/FunCheker.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FunCheker.exe

Files

FunCheker.rar
.rar

Password: 123
FunCheker.exe
.exe windows:5 windows x86 arch:x86

Password: 123

cf88532bfc5c381beade1563fb3eea9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

mscoree

_CorExeMain

Sections

Size: - Virtual size: 13.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.d']
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.kp|
Size: - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.^1I
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.B6v
Size: 26.6MB - Virtual size: 26.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

cf88532bfc5c381beade1563fb3eea9e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mscoree

Sections

Size: - Virtual size: 13.0MB

Size: - Virtual size: 1KB

Size: - Virtual size: 12B

.idata Size: - Virtual size: 8KB

.d'] Size: - Virtual size: 8KB

.themida Size: - Virtual size: 5.7MB

.boot Size: - Virtual size: 3.4MB

.kp| Size: - Virtual size: 5.4MB

.^1I Size: 1024B - Virtual size: 856B

.B6v Size: 26.6MB - Virtual size: 26.6MB

.rsrc Size: 1KB - Virtual size: 1KB

.idata
Size: - Virtual size: 8KB

.d']
Size: - Virtual size: 8KB

.themida
Size: - Virtual size: 5.7MB

.boot
Size: - Virtual size: 3.4MB

.kp|
Size: - Virtual size: 5.4MB

.^1I
Size: 1024B - Virtual size: 856B

.B6v
Size: 26.6MB - Virtual size: 26.6MB

.rsrc
Size: 1KB - Virtual size: 1KB