main_setup_pass_1234[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

main_setup_pass_1234.zip
Size

5.9MB
MD5

0e471181646e3d7ac11efc990ed22c08
SHA1

633f59b9c7e28e45ea7144c0ad5aab9195458601
SHA256

71b350eea45226b852a9eb55e9189db53f4dedc00a330da768930f8ccf1d66f9
SHA512

d22d63a4dcde3d48d98549e993a1c325d9884e41978dc4eb4f60f4c21c13dbdc70eb491fdd37785d47dad669832763f9f4d88fae37771660de7718b8e18cee43
SSDEEP

98304:h2WykJkez7THEs4WIKAjISCk1YFnNJd43rynMBH55xN7b+BQ:h2WypenTks4BKAjIS8fJda2nMTTN7b+q

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/Main_Setup_Pass_1234/Setup.exe	themida

Files

main_setup_pass_1234.zip
.zip
Main_Setup_Pass_1234/Setup.exe
.exe windows x86

e40757489f9bf9a0a0c1e0329f45b1df

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06/03/2020, 00:00

Not After

15/03/2023, 12:00

Subject

CN=AVG Technologies USA\, LLC,OU=RE stapler cistodc,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1c:7c:15:6b:0f:93:c3:7f:7e:24:8c:d5:7b:cb:2d:c9:55:9e:91:d9:02:6f:43:c4:f3:59:f2:ca:54:cd:a0:7c
Signer

Actual PE Digest

1c:7c:15:6b:0f:93:c3:7f:7e:24:8c:d5:7b:cb:2d:c9:55:9e:91:d9:02:6f:43:c4:f3:59:f2:ca:54:cd:a0:7c

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=AVG Technologies USA\, LLC,OU=RE stapler cistodc,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

11/06/2022, 13:36
Valid: true

Chain 1

CN=AVG Technologies USA\, LLC,OU=RE stapler cistodc,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

GetUserNameW

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

Size: 17KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

z/i/p0
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

z/i/p1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e40757489f9bf9a0a0c1e0329f45b1df

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

1c:7c:15:6b:0f:93:c3:7f:7e:24:8c:d5:7b:cb:2d:c9:55:9e:91:d9:02:6f:43:c4:f3:59:f2:ca:54:cd:a0:7cSigner

Signature Validations

Verification

11/06/2022, 13:36 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

Sections

Size: 17KB - Virtual size: 41KB

Size: 3KB - Virtual size: 6KB

Size: 512B - Virtual size: 5KB

Size: 4KB - Virtual size: 5KB

Size: 331KB - Virtual size: 330KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 2.9MB

.boot Size: 1.4MB - Virtual size: 1.4MB

Size: 1KB - Virtual size: 1KB

z/i/p0 Size: 1.5MB - Virtual size: 1.5MB

z/i/p1 Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 331KB - Virtual size: 330KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

1c:7c:15:6b:0f:93:c3:7f:7e:24:8c:d5:7b:cb:2d:c9:55:9e:91:d9:02:6f:43:c4:f3:59:f2:ca:54:cd:a0:7c
Signer

11/06/2022, 13:36
Valid: true

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 2.9MB

.boot
Size: 1.4MB - Virtual size: 1.4MB

z/i/p0
Size: 1.5MB - Virtual size: 1.5MB

z/i/p1
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 331KB - Virtual size: 330KB