Vult[.]exe | Triage

Resubmissions

19/09/2022, 20:56

220919-zq94aachaj 9

19/09/2022, 20:53

220919-zpr63scgcq 9

19/09/2022, 20:46

220919-zkhrvahaa7 9

Sharing

Copy URL

Twitter E-mail

General

Target

Vult.exe
Size

3.7MB
MD5

c6079d727ab3a2fa6401f124c3eae974
SHA1

8bb4214f74b91f02e99c0ee84b6efaeee25ba8ab
SHA256

941882cbfe48b088fff514c571f0808206d341ac9bd667b29047eb9596540193
SHA512

4e571d3168189177221213c6877d04e9c39505ecbb967afa18377b29bbe8ec2c05ad7efe57d1b9d5967c4c448feff14a67b967c6cf85f5c9161d25c55c95ae0e
SSDEEP

98304:qUAtPY8eAwqmISy/CsGWPF+e8AnmLpr97eK3:NAt0AwqmI1/dPfnmT7d

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

Vult.exe
.exe windows x64

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:4e:41:25:b1:1e:36:93:16:b4:81:f3:08:d1:d8:09
Certificate

Issuer

CN=Vult,OU=Development,O=Vult,POSTALCODE=36346,STREET=1298 County Rd #201,L=Alabama,ST=Alabama,C=US,1.2.840.113549.1.9.1=#0c1661646d696e6973747261746f724076756c742e636f6d

Not Before

18/09/2022, 21:00

Not After

02/08/2023, 20:59

Subject

CN=Vult,OU=Development,O=Vult,POSTALCODE=36346,STREET=1298 County Rd #201,L=Alabama,ST=Alabama,C=US,1.2.840.113549.1.9.1=#0c1661646d696e6973747261746f724076756c742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:cb:34:fd:3d:ff:12:11:33:9f:f0:7c:4b:21:57:c7
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

30/08/2022, 00:00

Not After

29/08/2023, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a2:c9:f1:e3:4e:8f:31:73:ed:b9:98:8a:f5:46:34:c0:e3:1f:3c:29
Signer

Actual PE Digest

a2:c9:f1:e3:4e:8f:31:73:ed:b9:98:8a:f5:46:34:c0:e3:1f:3c:29

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Vult,OU=Development,O=Vult,POSTALCODE=36346,STREET=1298 County Rd #201,L=Alabama,ST=Alabama,C=US,1.2.840.113549.1.9.1=#0c1661646d696e6973747261746f724076756c742e636f6d

19/09/2022, 17:14
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 343KB - Virtual size: 786KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 35KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 379B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 272B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1007B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

2d:4e:41:25:b1:1e:36:93:16:b4:81:f3:08:d1:d8:09Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

03:cb:34:fd:3d:ff:12:11:33:9f:f0:7c:4b:21:57:c7Certificate

Extended Key Usages

Key Usages

a2:c9:f1:e3:4e:8f:31:73:ed:b9:98:8a:f5:46:34:c0:e3:1f:3c:29Signer

Signature Validations

Verification

19/09/2022, 17:14 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 343KB - Virtual size: 786KB

Size: 35KB - Virtual size: 104KB

Size: 379B - Virtual size: 12KB

Size: 10KB - Virtual size: 17KB

Size: 272B - Virtual size: 488B

Size: 1007B - Virtual size: 1KB

.imports Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.themida Size: - Virtual size: 5.7MB

.boot Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 512B - Virtual size: 4KB

.taggant Size: 8KB - Virtual size: 8KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

2d:4e:41:25:b1:1e:36:93:16:b4:81:f3:08:d1:d8:09
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

03:cb:34:fd:3d:ff:12:11:33:9f:f0:7c:4b:21:57:c7
Certificate

a2:c9:f1:e3:4e:8f:31:73:ed:b9:98:8a:f5:46:34:c0:e3:1f:3c:29
Signer

19/09/2022, 17:14
Valid: false

.imports
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.themida
Size: - Virtual size: 5.7MB

.boot
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 512B - Virtual size: 4KB

.taggant
Size: 8KB - Virtual size: 8KB