blankgrabber | Blaze Pub[.]exe | Triage

Sharing

General

Target

Blaze Pub.exe
Size

27.6MB
MD5

8558bf697302ab97d9315b7336f4c5cf
SHA1

71bd8b6ffae9771c8a0853e38ff99dfea5bc4456
SHA256

3ff1f0d5269bdcd53e0b88dd3aba3a3d425ea7accb92426bbdfdbe418f88dded
SHA512

fb26381523c9329b0fce7f7bce3b87878283a9de75b86463e915bbf3a9bc46bf16fa6dfd7dac92c7d2a1d1c82659192c55eb27d75158deaf4bef1dbb1c718b53
SSDEEP

196608:WFK4s0TfLOdo/Tw0+eNTfm/pf+xk4dWRatrbWOjgKl:WFK4Z7LpTy/pWu4kRatrbvMKl

Score

10^/10

themida blankgrabber

Malware Config

Signatures

A stealer written in Python and packaged with Pyinstaller 1 IoCs

resource	yara_rule
static1/unpack001/o��Z.pyc	blankgrabber

Blankgrabber family
blankgrabber

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Blaze Pub.exe

Files

Blaze Pub.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 34KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
o��Z.pyc