Pass_1234_Setup[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Pass_1234_Setup.rar
Size

5.3MB
MD5

a5d5cbd6d221b528f236857dd6dad09f
SHA1

31881992e6c5cabb710bc131de947f86c9f5d87e
SHA256

3b93d09292f2f38a0405954ff5c9a4697a2425fbcfad55d61782d4d055b2d9f7
SHA512

df3412ae30fce4bf0402fc16a95442535febbc5fce94c09c45c5c3819b10d135b80b31362f9b5d1d62d7f6746df8e590dffbb7fcaa0bf3a2bf914da3ee013e53
SSDEEP

98304:7utfYltEbV+UOSTezxmXJsliNj1ZSesTX+CyQhM+BuVRTen+X:7uSlyHxTIxGBRnSnT+BOJBu3TlX

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/Setup.exe	themida

Files

Pass_1234_Setup.rar
.rar

Password: 1234
Locals/am.pak
Locals/ar.pak
Locals/fi.pak
Locals/fil.pak
Locals/fr.pak
Locals/he.pak
Locals/hr.pak
Locals/hu.pak
Locals/id.pak
Locals/lt.pak
Locals/lv.pak
Setup.exe
.exe windows x86

Password: 1234

e40757489f9bf9a0a0c1e0329f45b1df

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06/03/2020, 00:00

Not After

15/03/2023, 12:00

Subject

CN=AVG Technologies USA\, LLC,OU=RE stapler cistodc,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9b:a1:a9:13:be:e2:bb:1e:11:31:1c:df:1a:50:44:07:f9:50:dd:f8:ca:05:3c:ae:40:f0:93:09:e4:ac:e6:59
Signer

Actual PE Digest

9b:a1:a9:13:be:e2:bb:1e:11:31:1c:df:1a:50:44:07:f9:50:dd:f8:ca:05:3c:ae:40:f0:93:09:e4:ac:e6:59

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=AVG Technologies USA\, LLC,OU=RE stapler cistodc,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

11/06/2022, 13:36
Valid: true

Chain 1

CN=AVG Technologies USA\, LLC,OU=RE stapler cistodc,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

GetUserNameW

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

Size: 17KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cab@!<`
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cab@!<`
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cab@!<`
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fonts/Alakob.ttf
fonts/AlaskanNights.ttf
fonts/Arggotsc.ttf
fonts/Army Condensed.ttf
fonts/Army Expanded.ttf
fonts/Army Thin.ttf
fonts/Army Wide.ttf
fonts/Army.ttf
fonts/BELL.TTF
fonts/BELLB.TTF
fonts/BELLI.TTF
fonts/BOD_BI.TTF
fonts/BOD_BLAI.TTF
fonts/BOD_I.TTF
fonts/BOD_PSTC.TTF
fonts/CALISTB.TTF
fonts/CALISTBI.TTF
fonts/CENTAUR.TTF
fonts/Cabana-Regular.ttf
fonts/baby_csp.ttf
fonts/black.ttf
fonts/bold_0.ttf
fonts/browa.ttf
fonts/browau.ttf
fonts/browauz.ttf
fonts/browaz.ttf
fonts/deathrattlebb_reg.ttf

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

e40757489f9bf9a0a0c1e0329f45b1df

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

9b:a1:a9:13:be:e2:bb:1e:11:31:1c:df:1a:50:44:07:f9:50:dd:f8:ca:05:3c:ae:40:f0:93:09:e4:ac:e6:59Signer

Signature Validations

Verification

11/06/2022, 13:36 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

Sections

Size: 17KB - Virtual size: 41KB

Size: 3KB - Virtual size: 6KB

Size: 512B - Virtual size: 5KB

Size: 4KB - Virtual size: 5KB

.cab@!<` Size: 235KB - Virtual size: 234KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: 2.1MB - Virtual size: 2.1MB

.cab@!<` Size: 1.3MB - Virtual size: 1.3MB

.cab@!<` Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 235KB - Virtual size: 234KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

9b:a1:a9:13:be:e2:bb:1e:11:31:1c:df:1a:50:44:07:f9:50:dd:f8:ca:05:3c:ae:40:f0:93:09:e4:ac:e6:59
Signer

11/06/2022, 13:36
Valid: true

.cab@!<`
Size: 235KB - Virtual size: 234KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: 2.1MB - Virtual size: 2.1MB

.cab@!<`
Size: 1.3MB - Virtual size: 1.3MB

.cab@!<`
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 235KB - Virtual size: 234KB