L22_File[.]zip[.]virus

Sharing

Copy URL

Twitter E-mail

General

Target

L22_File.zip.virus
Size

6.4MB
MD5

72a9f4e777d2f5046a47a5d580986444
SHA1

3d64114624dc2f1c96485cb7c193ea95fab4f731
SHA256

ec4bf6cfc55df437a044d2f779cfd3619ddc96d4c7c5cb6621f38e9e30ec1041
SHA512

23eddd86be0fed3f86de09378c55f85b0e47f967432edb079abb242fb046693c8d58734a32784e65729ca538e5492dddc18c498c7986b88da4302bb9420395ec
SSDEEP

196608:Tjfhn41BNL8oYEzjTy1vt2Dv4WoeUnpxQS+i+:vZn41B95j2vt2sci+

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/Install.exe	themida

Files

L22_File.zip.virus
.zip
Install.exe
.exe windows x86

Code Sign

33:00:00:02:cf:a0:25:90:e3:13:04:ef:15:00:00:00:00:02:cf
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d6:0f:29:c0:2c:3c:2b:ed:1d:72:75:1a:cf:d5:fa:9c:fd:19:12:00:d4:34:27:8d:f1:a6:14:60:91:8e:06:2e
Signer

Actual PE Digest

d6:0f:29:c0:2c:3c:2b:ed:1d:72:75:1a:cf:d5:fa:9c:fd:19:12:00:d4:34:27:8d:f1:a6:14:60:91:8e:06:2e

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

26-08-2022 16:48
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 847KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 74KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 28KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vm_sec
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
Readme.txt
fonts/Alakob.ttf
fonts/AlaskanNights.ttf
fonts/Arggotsc.ttf
fonts/Army Condensed.ttf
fonts/Army Thin.ttf
fonts/BELL.TTF
fonts/BELLB.TTF
fonts/BELLI.TTF
fonts/BOD_BI.TTF
fonts/BOD_BLAI.TTF
fonts/BOD_I.TTF
fonts/CALISTB.TTF
fonts/CALISTBI.TTF
fonts/CENTAUR.TTF
fonts/Cabana-Regular.ttf
fonts/baby_csp.ttf
fonts/black.ttf
fonts/bold_0.ttf
fonts/browa.ttf
fonts/browau.ttf
fonts/browauz.ttf
fonts/browaz.ttf
fonts/deathrattlebb_reg.ttf
langs/Arabic.ini
langs/Belarusian.ini
langs/Bulgarian.ini
langs/Croatian.ini
langs/Czech.ini
langs/Danish.ini
langs/English.ini
langs/Farsi.ini
langs/Finnish.ini
langs/Hebrew.ini
langs/Hindi.ini
langs/Hungarian.ini
.ps1
langs/Indonesian.ini
langs/Japanese.ini
langs/Kazakh.ini
langs/Korean.ini
.ps1
langs/Kurdish.ini
langs/Lithuanian.ini
langs/Norwegian.ini
langs/Russian.ini
langs/SimpChinese.ini
langs/Sinhala.ini
langs/Slovak.ini
langs/Swedish.ini
langs/Thai.ini
langs/TradChinese.ini
langs/Ukrainian.ini
langs/Uyghur.ini
langs/UyghurLatin.ini
langs/Uzbek.ini
langs/Vietnamese.ini

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:02:cf:a0:25:90:e3:13:04:ef:15:00:00:00:00:02:cfCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

d6:0f:29:c0:2c:3c:2b:ed:1d:72:75:1a:cf:d5:fa:9c:fd:19:12:00:d4:34:27:8d:f1:a6:14:60:91:8e:06:2eSigner

Signature Validations

Verification

26-08-2022 16:48 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 847KB - Virtual size: 2.0MB

Size: 74KB - Virtual size: 168KB

Size: 4KB - Virtual size: 34KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

Size: 28KB - Virtual size: 41KB

.vm_sec Size: 128KB - Virtual size: 128KB

.idata Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 4.5MB

.boot Size: 3.2MB - Virtual size: 3.2MB

.reloc Size: 16B - Virtual size: 4KB

33:00:00:02:cf:a0:25:90:e3:13:04:ef:15:00:00:00:00:02:cf
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

d6:0f:29:c0:2c:3c:2b:ed:1d:72:75:1a:cf:d5:fa:9c:fd:19:12:00:d4:34:27:8d:f1:a6:14:60:91:8e:06:2e
Signer

26-08-2022 16:48
Valid: false

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

.vm_sec
Size: 128KB - Virtual size: 128KB

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 4.5MB

.boot
Size: 3.2MB - Virtual size: 3.2MB

.reloc
Size: 16B - Virtual size: 4KB