winlocker1337 (1)[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

winlocker1337 (1).exe
Size

28.9MB
MD5

b50cb23ab6484c65717db062b535fc06
SHA1

4a753e4854d6b94e4758f4949a36a4bdc17915c7
SHA256

b5a83c9fcb752a9f53cafb385ed1ee1de767176051993418d8172252a9ac2a5b
SHA512

0e7e665fedf1e0a15afafb15f50bc4baf4e924ea2a597803946db42d400abb74de8baea4761a2e76883081a25896e9f94cb5545e74e20e3c8520478f2f33315c
SSDEEP

393216:Hu+5BWbqP6EuFzFl9euGh0qZVWQntp7DkvgbqlFy6bYh/SgYwVoGzHomfQvQB6yG:pxS9SztdigR6bYbVHE5zHbRBvDQy1

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
winlocker1337 (1).exe

Files

winlocker1337 (1).exe
.exe windows:6 windows x64 arch:x64

87f66e8050f3ef7627fa53f57b791a48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WaitForMultipleObjects
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

RegisterClassExA

gdi32

DeleteObject

advapi32

RegQueryValueExW

shell32

ShellExecuteA

ole32

CoUninitialize

oleaut32

SysFreeString

msvcp140

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

d3d9

Direct3DCreate9

imm32

ImmSetCandidateWindow

dwmapi

DwmExtendFrameIntoClientArea

normaliz

IdnToAscii

wldap32

ord143

crypt32

CryptQueryObject

ws2_32

recv

rpcrt4

UuidToStringA

httpapi

HttpCreateServerSession

vcruntime140

__intrinsic_setjmp

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_getpid

api-ms-win-crt-math-l1-1-0

_finite

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-stdio-l1-1-0

_open

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-filesystem-l1-1-0

_stat64

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

strspn

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 227KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 20.7MB - Virtual size: 20.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.themida
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87f66e8050f3ef7627fa53f57b791a48

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp140

d3dx9_43

d3d9

imm32

dwmapi

normaliz

wldap32

crypt32

ws2_32

rpcrt4

httpapi

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 332KB - Virtual size: 332KB

.data Size: 227KB - Virtual size: 446KB

.pdata Size: 57KB - Virtual size: 56KB

.themida Size: 20.7MB - Virtual size: 20.7MB

.themida Size: 5KB - Virtual size: 5KB

.themida Size: 5.5MB - Virtual size: 5.5MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 332KB - Virtual size: 332KB

.data
Size: 227KB - Virtual size: 446KB

.pdata
Size: 57KB - Virtual size: 56KB

.themida
Size: 20.7MB - Virtual size: 20.7MB

.themida
Size: 5KB - Virtual size: 5KB

.themida
Size: 5.5MB - Virtual size: 5.5MB

.rsrc
Size: 512B - Virtual size: 480B