e42b4c09ae3105de7d09722b26d60fa1268771d46907c36e2dbc57b4f8a22227

Sharing

Copy URL

Twitter E-mail

General

Target

e42b4c09ae3105de7d09722b26d60fa1268771d46907c36e2dbc57b4f8a22227
Size

7.6MB
MD5

57eb3b48fc86d1739c946a024270128f
SHA1

6fe9aa7ecfcdf575c033821d51ce5e9c7ba1b4bb
SHA256

e42b4c09ae3105de7d09722b26d60fa1268771d46907c36e2dbc57b4f8a22227
SHA512

6f1e38e1bda51e08a6d3084677329690665a540f9ffbbd56c99c8343b5dd3182048359609cd4369e86609dc31e093b68af1e94515e5dff7cf44c7c83265aabfa
SSDEEP

196608:vZRZi3NiL1DPI5CoIsXnoNQAHYoYxEGaqzDc+mjECeayvGlXnqFeiLI:BC3oRA5VI2nTfomEGXDcfPty+l3qF78

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
static1/unpack002/Setup/Setup.exe	themida

Files

e42b4c09ae3105de7d09722b26d60fa1268771d46907c36e2dbc57b4f8a22227
.rar .zip

Password: 55555
Full_Updated_Setup__PASWD__55555_[v1658759661]/password___55555.txt
Full_Updated_Setup__PASWD__55555_[v1658759661]/setup_file.zip
.zip

Password: 55555
Setup/Locals/fi.pak
Setup/Locals/fil.pak
Setup/Locals/fr.pak
Setup/Locals/hr.pak
Setup/Locals/hu.pak
Setup/Locals/id.pak
Setup/Locals/lt.pak
Setup/Locals/lv.pak
Setup/Setup.exe
.exe windows x86

Password: 55555

86dcef20810f0da439c722b470fe2ebf

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-03-2020 00:00

Not After

15-03-2023 12:00

Subject

CN=AVG Technologies USA\, LLC,OU=RE stapler cistodc,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:4e:46:31:73:a0:20:d7:ac:b6:50:a6:73:0a:66:68:96:d1:46:d2:f0:66:a1:1d:11:6c:28:bc:4f:89:47:ae
Signer

Actual PE Digest

ee:4e:46:31:73:a0:20:d7:ac:b6:50:a6:73:0a:66:68:96:d1:46:d2:f0:66:a1:1d:11:6c:28:bc:4f:89:47:ae

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=AVG Technologies USA\, LLC,OU=RE stapler cistodc,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

11-06-2022 13:36
Valid: true

Chain 1

CN=AVG Technologies USA\, LLC,OU=RE stapler cistodc,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharUpperBuffW

Sections

Size: - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

כללנ
Size: - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

כללנ
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

כללנ
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

כללנ
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Setup/langs/Arabic.ini
Setup/langs/Belarusian.ini
Setup/langs/Bulgarian.ini
Setup/langs/Croatian.ini
Setup/langs/Czech.ini
Setup/langs/Danish.ini
Setup/langs/English.ini
Setup/langs/Farsi.ini
Setup/langs/Finnish.ini
Setup/langs/Hebrew.ini
Setup/langs/Hindi.ini
Setup/langs/Hungarian.ini
.ps1
Setup/langs/Indonesian.ini
Setup/langs/Japanese.ini
Setup/langs/Kazakh.ini
Setup/langs/Korean.ini
.ps1
Setup/langs/Kurdish.ini
Setup/langs/Lithuanian.ini
Setup/langs/Norwegian.ini
Setup/langs/Russian.ini
Setup/langs/SimpChinese.ini
Setup/langs/Sinhala.ini
Setup/langs/Slovak.ini
Setup/langs/Swedish.ini
Setup/langs/Thai.ini
Setup/langs/TradChinese.ini
Setup/langs/Ukrainian.ini
Setup/langs/Uyghur.ini
Setup/langs/UyghurLatin.ini
Setup/langs/Uzbek.ini
Setup/langs/Vietnamese.ini

Sharing

General

Malware Config

Signatures

Files

Password: 55555

Password: 55555

Password: 55555

86dcef20810f0da439c722b470fe2ebf

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

ee:4e:46:31:73:a0:20:d7:ac:b6:50:a6:73:0a:66:68:96:d1:46:d2:f0:66:a1:1d:11:6c:28:bc:4f:89:47:aeSigner

Signature Validations

Verification

11-06-2022 13:36 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

Size: - Virtual size: 207KB

Size: - Virtual size: 55KB

Size: - Virtual size: 84KB

Size: - Virtual size: 1KB

Size: - Virtual size: 15KB

כללנ Size: - Virtual size: 480KB

.idata Size: - Virtual size: 4KB

.themida Size: - Virtual size: 2.9MB

.boot Size: - Virtual size: 1.3MB

כללנ Size: - Virtual size: 2.5MB

כללנ Size: 1024B - Virtual size: 848B

כללנ Size: 6.1MB - Virtual size: 6.1MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 41KB - Virtual size: 41KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:31:e4:8d:08:06:5b:09:8f:84:e7:c5:10:33:60:74
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

ee:4e:46:31:73:a0:20:d7:ac:b6:50:a6:73:0a:66:68:96:d1:46:d2:f0:66:a1:1d:11:6c:28:bc:4f:89:47:ae
Signer

11-06-2022 13:36
Valid: true

כללנ
Size: - Virtual size: 480KB

.idata
Size: - Virtual size: 4KB

.themida
Size: - Virtual size: 2.9MB

.boot
Size: - Virtual size: 1.3MB

כללנ
Size: - Virtual size: 2.5MB

כללנ
Size: 1024B - Virtual size: 848B

כללנ
Size: 6.1MB - Virtual size: 6.1MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 41KB - Virtual size: 41KB