ArkaInjector1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ArkaInjector1.exe
Size

17.1MB
MD5

8366a660f4020efc753085750c090392
SHA1

44f54c783c859f8e2c9784797ea048e5afd365d3
SHA256

50d9e98a56eaaeed47e0477b98a749f76223184303851d8855f056ca09fdbb1f
SHA512

1c16150a78b5f8dadb4e87969517094e19594da448f04069689f28f67c9524c92857a8e6caa8d23fd8e44caaae580579257abe765736655be70235a4306848ee
SSDEEP

196608:8lmHWNVkItpm/le3JGVVFRSV7qmEKesRNoBKSUQWJzhEEO3CWuv3J09:8l1NK+pm/osVHmxEKeobeHCWuPJ09

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ArkaInjector1.exe

Files

ArkaInjector1.exe
.exe windows:6 windows x64 arch:x64

Password: 123

371c12917bbfecbde7a0271c9ffafe4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
EncodePointer
DecodePointer
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
GetProcessHeap
RtlLookupFunctionEntry

ws2_32

shutdown
setsockopt
send
WSAConnect
WSASocketW
select
recv
listen
ioctlsocket
getsockopt
getsockname
getpeername
bind
WSASend
WSARecv
closesocket
GetNameInfoW
GetAddrInfoW
FreeAddrInfoW
WSAGetOverlappedResult
GetAddrInfoExW
WSAStartup
WSACleanup
FreeAddrInfoExW
WSAEventSelect
WSAIoctl
accept

ucrtbase

_strtoui64
calloc
malloc
_callnewh
_set_new_mode
free
_configthreadlocale
__setusermatherr
log2
ceil
floor
pow
modf
_register_thread_local_exe_atexit_callback
_cexit
__p___wargv
__p___argc
_Exit
exit
abort
_c_exit
_initterm_e
_crt_atexit
_initterm
_register_onexit_function
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
terminate
_set_app_type
_seh_filter_exe
_initialize_onexit_table
_set_fmode
__p__commode
wcsncmp
strcmp
_stricmp
strcpy_s

bcrypt

BCryptEncrypt
BCryptGetProperty
BCryptSetProperty
BCryptCreateHash
BCryptDecrypt
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptImportKeyPair
BCryptFinishHash
BCryptImportKey
BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptDestroyKey
BCryptExportKey

ncrypt

NCryptOpenKey
NCryptSetProperty
NCryptFreeObject
NCryptImportKey
NCryptGetProperty
NCryptOpenStorageProvider
NCryptDeleteKey

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoGetApartmentType
CoCreateGuid
CoWaitForMultipleHandles

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: 726KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

hydrated
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2.6MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 23KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 261KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.SCY
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: 123

371c12917bbfecbde7a0271c9ffafe4e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

ucrtbase

bcrypt

ncrypt

ole32

Exports

Exports

Sections

.text Size: 726KB - Virtual size: 728KB

Size: 3.1MB - Virtual size: 3.1MB

hydrated Size: - Virtual size: 1.2MB

Size: 2.6MB - Virtual size: 2.7MB

Size: 23KB - Virtual size: 124KB

Size: 261KB - Virtual size: 264KB

Size: 1KB - Virtual size: 4KB

Size: 4KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: 6.4MB - Virtual size: 6.4MB

.boot Size: 3.9MB - Virtual size: 3.9MB

.reloc Size: 512B - Virtual size: 4KB

.SCY Size: 4KB - Virtual size: 4KB

.text
Size: 726KB - Virtual size: 728KB

hydrated
Size: - Virtual size: 1.2MB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: 6.4MB - Virtual size: 6.4MB

.boot
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 512B - Virtual size: 4KB

.SCY
Size: 4KB - Virtual size: 4KB