ligma ballr (1)[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

ligma ballr (1).rar
Size

8.4MB
MD5

0f20eefce9c1b084463a9969613404c1
SHA1

b5c32717de4837e0f9fa1952f8648aab5eeaed6c
SHA256

eef352968fb0dd06cf26e3afed372044523a5e8bb6d73ccd10708acf2b201d0d
SHA512

796a553ebea3f253894145b1692c7f90a4d953e2bcb6f9f2335616544a88d015b0b9f6e850c3c633a4ca3a25ff54ac799032e26fe47d50ed2248383c2aadeb43
SSDEEP

196608:2kk4j5R1y5il+ztFidN++YEuQK2xpLWQhB57tj+61hgAbioj:kqu5Fi+N2fWaB59zF

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/ArkaInjector.exe	themida

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ArkaAPI.dll
unpack001/ArkaInjector.exe
unpack001/balz.exe

Files

ligma ballr (1).rar
.rar
ArkaAPI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

;.v* u"
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
ArkaInjector.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

DotNetRuntimeDebugHeader

Sections

Size: 317KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1.3MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

hydrated
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1.3MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 150KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
Monaco/Monaco.html
.js
Monaco/base.txt
Monaco/classfunc.txt
Monaco/globalf.txt
Monaco/globalns.txt
Monaco/globalv.txt
Monaco/vs/base/worker/workerMain.js
.js
Monaco/vs/basic-languages/bat/bat.js
Monaco/vs/basic-languages/coffee/coffee.js
Monaco/vs/basic-languages/cpp/cpp.js
Monaco/vs/basic-languages/csharp/csharp.js
Monaco/vs/basic-languages/csp/csp.js
Monaco/vs/basic-languages/css/css.js
Monaco/vs/basic-languages/dockerfile/dockerfile.js
Monaco/vs/basic-languages/fsharp/fsharp.js
Monaco/vs/basic-languages/go/go.js
Monaco/vs/basic-languages/handlebars/handlebars.js
.js
Monaco/vs/basic-languages/html/html.js
.js
Monaco/vs/basic-languages/ini/ini.js
Monaco/vs/basic-languages/java/java.js
Monaco/vs/basic-languages/less/less.js
Monaco/vs/basic-languages/lua/lua.js
Monaco/vs/basic-languages/markdown/markdown.js
.js
Monaco/vs/basic-languages/msdax/msdax.js
Monaco/vs/basic-languages/mysql/mysql.js
Monaco/vs/basic-languages/objective-c/objective-c.js
Monaco/vs/basic-languages/pgsql/pgsql.js
Monaco/vs/basic-languages/php/php.js
Monaco/vs/basic-languages/postiats/postiats.js
Monaco/vs/basic-languages/powershell/powershell.js
Monaco/vs/basic-languages/pug/pug.js
Monaco/vs/basic-languages/python/python.js
Monaco/vs/basic-languages/r/r.js
Monaco/vs/basic-languages/razor/razor.js
.js
Monaco/vs/basic-languages/redis/redis.js
Monaco/vs/basic-languages/redshift/redshift.js
Monaco/vs/basic-languages/ruby/ruby.js
Monaco/vs/basic-languages/rust/rust.js
Monaco/vs/basic-languages/sb/sb.js
Monaco/vs/basic-languages/scss/scss.js
Monaco/vs/basic-languages/solidity/solidity.js
Monaco/vs/basic-languages/sql/sql.js
Monaco/vs/basic-languages/st/st.js
Monaco/vs/basic-languages/swift/swift.js
Monaco/vs/basic-languages/vb/vb.js
Monaco/vs/basic-languages/xml/xml.js
Monaco/vs/basic-languages/yaml/yaml.js
Monaco/vs/editor/contrib/suggest/media/String_16x.svg
Monaco/vs/editor/contrib/suggest/media/String_inverse_16x.svg
Monaco/vs/editor/editor.main.css
Monaco/vs/editor/editor.main.js
.js
Monaco/vs/editor/editor.main.nls.de.js
Monaco/vs/editor/editor.main.nls.es.js
Monaco/vs/editor/editor.main.nls.fr.js
Monaco/vs/editor/editor.main.nls.it.js
Monaco/vs/editor/editor.main.nls.ja.js
Monaco/vs/editor/editor.main.nls.js
Monaco/vs/editor/editor.main.nls.ko.js
Monaco/vs/editor/editor.main.nls.ru.js
Monaco/vs/editor/editor.main.nls.zh-cn.js
Monaco/vs/editor/editor.main.nls.zh-tw.js
Monaco/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
Monaco/vs/language/css/cssMode.js
.js
Monaco/vs/language/css/cssWorker.js
.js
Monaco/vs/language/html/htmlMode.js
.js
Monaco/vs/language/html/htmlWorker.js
.js
Monaco/vs/language/json/jsonMode.js
.js
Monaco/vs/language/json/jsonWorker.js
.js
Monaco/vs/language/typescript/lib/typescriptServices.js
.js
Monaco/vs/language/typescript/tsMode.js
.js
Monaco/vs/language/typescript/tsWorker.js
.js
Monaco/vs/loader.js
.js
balz.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Hiltunen\source\repos\balz\balz\obj\Debug\balz.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
balz.exe.config
balz.pdb

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

;.v* u" Size: 30KB - Virtual size: 29KB

.text Size: 36KB - Virtual size: 35KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 512B - Virtual size: 12B

Size: 512B - Virtual size: 16B

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 317KB - Virtual size: 726KB

Size: 1.3MB - Virtual size: 3.1MB

hydrated Size: - Virtual size: 1.2MB

Size: 1.3MB - Virtual size: 2.6MB

Size: 7KB - Virtual size: 121KB

Size: 150KB - Virtual size: 260KB

Size: 1024B - Virtual size: 1KB

Size: 2KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.themida Size: - Virtual size: 6.4MB

.boot Size: 3.9MB - Virtual size: 3.9MB

.reloc Size: 16B - Virtual size: 4KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 136KB - Virtual size: 135KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

;.v* u"
Size: 30KB - Virtual size: 29KB

.text
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 512B - Virtual size: 12B

hydrated
Size: - Virtual size: 1.2MB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.themida
Size: - Virtual size: 6.4MB

.boot
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 16B - Virtual size: 4KB

.text
Size: 136KB - Virtual size: 135KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B