Static task
static1
Behavioral task
behavioral1
Sample
6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
Resource
win10v2004-20220414-en
General
-
Target
6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0
-
Size
3.2MB
-
MD5
ab8e9ac36f014b3e59d38f5a41dd5abe
-
SHA1
b040fed81d9d11384d8f972e51fb946128ddc398
-
SHA256
6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0
-
SHA512
7004299e4eda607bac1ca3b89a38ff9e23065e0601269f03b699788bd39f858ac24aef0bd84690aafb24b76a52ee945635e56c06742f4f08b7f109c001c6f269
-
SSDEEP
24576:ps6ycQmU+zBplksS+VqvZ7Z9AUHq/scZpv+/pgphp0Pc2JU2TtRwnIjr/IuB8ZGO:A+rqrdq/0Pc21TtRrwJhKXYhi/2
Malware Config
Signatures
-
Processes:
resource: sample
yara_rule: themida
Files
-
6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe windows x86
Code Sign
23:20:ba:76:1b:e8:0e:a7:40:6d:3c:b4:d4:c4:ab:dd
Certificate
Issuer: CN=Toshiba MQ01ABDxx 2.5 MQ01ABD050
Not Before: 20-06-2022 19:19
Not After: 21-06-2032 19:19
Subject: CN=Toshiba MQ01ABDxx 2.5 MQ01ABD050
90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate
Issuer: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before: 11-05-2022 00:00
Not After: 10-08-2033 23:59
Subject: CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate
Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before: 02-05-2019 00:00
Not After: 18-01-2038 23:59
Subject: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
00:b2:2b:7c:73:a7:55:63:41:cd:b0:a0:72:9d:bd:18:37:54:bf:fa:91:3e:b7:9d:42:7b:d8:e0:ce:67:0d:b3
Signer
Actual PE Digest: 00:b2:2b:7c:73:a7:55:63:41:cd:b0:a0:72:9d:bd:18:37:54:bf:fa:91:3e:b7:9d:42:7b:d8:e0:ce:67:0d:b3
Digest Algorithm: sha256
PE Digest Matches: true
Signature Validations
Trusted: false
Verification
Signing Certificate: CN=Toshiba MQ01ABDxx 2.5 MQ01ABD050
16-06-2022 11:53 Valid: false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 13KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 12B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 165KB - Virtual size: 164KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE