4867822a4f3b6a5863c1a3e407ca09aae29fed5be1e4fb6bdce6f25432d329dc[.]zip

Resubmissions

02-08-2022 14:30

220802-rt5nzafgg6 9

02-08-2022 13:53

220802-q7bsdafee7 9

Sharing

Copy URL

Twitter E-mail

General

Target

4867822a4f3b6a5863c1a3e407ca09aae29fed5be1e4fb6bdce6f25432d329dc.zip
Size

4.7MB
MD5

d8a8eadbca999c4107f5cd7631c2f82e
SHA1

d84eb1cff0a48453c2f989668535e5ad0cfb8fcd
SHA256

29c562281ab68f2f7861057de64ebf548038ce084cc878f676cf86b200a1dd91
SHA512

d2d3208763a8d64b8c2775e2ecd6e46dd09b9282b973264e0ddcea08055b8f639118e4f1809921177c29037e4e947421d659417d088cc3f1ed462efb982e00b4
SSDEEP

98304:H/GZZy1r+3k1P99da8YBWxTBjJle/SXN3IF200toxXVDVHbXiWE3:H/9w0t9/CIBjCS/yx1FJE3

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
static1/unpack001/4867822a4f3b6a5863c1a3e407ca09aae29fed5be1e4fb6bdce6f25432d329dc.exe	themida

Files

4867822a4f3b6a5863c1a3e407ca09aae29fed5be1e4fb6bdce6f25432d329dc.zip
.zip

Password: infected
4867822a4f3b6a5863c1a3e407ca09aae29fed5be1e4fb6bdce6f25432d329dc.exe
.exe windows x86

Password: infected

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:58:b5:34:6f:4d:e8:7c:85:0f:aa:5a:99:4f:d9:35
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18-06-2021 00:00

Not After

02-06-2022 23:59

Subject

SERIALNUMBER=1300793-6,CN=Stream Synergy Inc.,O=Stream Synergy Inc.,L=Markham,ST=Ontario,C=CA,1.3.6.1.4.1.311.60.2.1.3=#13024341,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:7b:4c:76:57:ea:01:00:02:7d:41:e8:be:5c:48:77:e1:cf:eb:86:1e:2e:6d:e9:bc:fa:c1:0a:21:fe:02:e4
Signer

Actual PE Digest

3d:7b:4c:76:57:ea:01:00:02:7d:41:e8:be:5c:48:77:e1:cf:eb:86:1e:2e:6d:e9:bc:fa:c1:0a:21:fe:02:e4

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=1300793-6,CN=Stream Synergy Inc.,O=Stream Synergy Inc.,L=Markham,ST=Ontario,C=CA,1.3.6.1.4.1.311.60.2.1.3=#13024341,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-01-0001 00:00
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 18KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 244KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29Certificate

Extended Key Usages

Key Usages

0d:58:b5:34:6f:4d:e8:7c:85:0f:aa:5a:99:4f:d9:35Certificate

Extended Key Usages

Key Usages

3d:7b:4c:76:57:ea:01:00:02:7d:41:e8:be:5c:48:77:e1:cf:eb:86:1e:2e:6d:e9:bc:fa:c1:0a:21:fe:02:e4Signer

Signature Validations

Verification

01-01-0001 00:00 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 18KB - Virtual size: 27KB

Size: 1KB - Virtual size: 6KB

Size: 512B - Virtual size: 127KB

.ndata Size: - Virtual size: 244KB

Size: 3.6MB - Virtual size: 3.6MB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 145KB - Virtual size: 145KB

.themida Size: 2.1MB - Virtual size: 2.1MB

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

0d:58:b5:34:6f:4d:e8:7c:85:0f:aa:5a:99:4f:d9:35
Certificate

3d:7b:4c:76:57:ea:01:00:02:7d:41:e8:be:5c:48:77:e1:cf:eb:86:1e:2e:6d:e9:bc:fa:c1:0a:21:fe:02:e4
Signer

01-01-0001 00:00
Valid: false

.ndata
Size: - Virtual size: 244KB

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 145KB - Virtual size: 145KB

.themida
Size: 2.1MB - Virtual size: 2.1MB