OvixBundle[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

OvixBundle.zip
Size

11.2MB
MD5

d19abb73af83c1f9947aa34da65630ab
SHA1

3bb06ff2d660de0fd84d0611b0802c5e6ec5ab22
SHA256

82e683f12fbd3566d201a35eedc56331c3686e90b1031d0d26d15d8ce43e781c
SHA512

9c95b9fff26caaaab8f46d7eb9f5521279765f0c4f66c73ca19893d5daf0e16f346ad4a5e42d1f167217ecf91b7121986560c3b9035178801cb3699f2cf7a5c6
SSDEEP

196608:7rNO3VlGzzgAI1nLhpS9ftjPan5MuHC7SguhkrNtQUDntz+OmC/nLKAljgqaWzCd:7rw3fGHgAULGHanHi7SguMtjDtz3D/Lu

Score

7^/10

themida

Malware Config

Signatures

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/OvixBundle/Ovix/GTA/Ovix.dll	themida
static1/unpack001/OvixBundle/OvixGTALauncher.exe	themida

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/OvixBundle/Ovix/GTA/Ovix.dll
unpack001/OvixBundle/OvixGTALauncher.exe

Files

OvixBundle.zip
.zip

Password: 82ijasdf0jkl28#*@#4
OvixBundle/Ovix/GTA/Ovix.dll
.dll windows:6 windows x64 arch:x64

Password: 82ijasdf0jkl28#*@#4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

Size: 1.4MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 560KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 50KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 64KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 6KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
OvixBundle/Ovix/GTA/headers/ovix.png
.png

Password: 82ijasdf0jkl28#*@#4
OvixBundle/Ovix/GTA/translations/Chinese.json
OvixBundle/Ovix/GTA/translations/English.json
OvixBundle/OvixGTALauncher.exe
.exe windows:6 windows x64 arch:x64

Password: 82ijasdf0jkl28#*@#4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 394KB - Virtual size: 771KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 74KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 110KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
OvixBundle/README.txt
OvixBundle/localappdata.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

Password: 82ijasdf0jkl28#*@#4

Password: 82ijasdf0jkl28#*@#4

Headers

DLL Characteristics

File Characteristics

Sections

Size: 1.4MB - Virtual size: 3.9MB

Size: 560KB - Virtual size: 1.4MB

Size: 50KB - Virtual size: 671KB

Size: 64KB - Virtual size: 111KB

Size: 512B - Virtual size: 480B

Size: 6KB - Virtual size: 33KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 6.1MB

.boot Size: 4.3MB - Virtual size: 4.3MB

.reloc Size: 16B - Virtual size: 4KB

Password: 82ijasdf0jkl28#*@#4

Password: 82ijasdf0jkl28#*@#4

Headers

DLL Characteristics

File Characteristics

Sections

Size: 394KB - Virtual size: 771KB

Size: 74KB - Virtual size: 196KB

Size: 110KB - Virtual size: 154KB

Size: 20KB - Virtual size: 33KB

Size: 512B - Virtual size: 488B

Size: 1024B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 5.7MB

.boot Size: 4.1MB - Virtual size: 4.1MB

.reloc Size: 16B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 6.1MB

.boot
Size: 4.3MB - Virtual size: 4.3MB

.reloc
Size: 16B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 5.7MB

.boot
Size: 4.1MB - Virtual size: 4.1MB

.reloc
Size: 16B - Virtual size: 4KB