Pass_1234_Setup(4)[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Pass_1234_Setup(4).rar
Size

5.2MB
MD5

8f2cd356678b92781a28360daf7ba43a
SHA1

938e41e86e60747a329f1ec035e6ac0d8f775440
SHA256

61d0b5fbcd40db03c48bce7ae624c62e8082b4a18e85449dc8c78a9577f06a62
SHA512

1dc5616c28e38c0432799bb823f7a97a489188a806ac05a8d4f85e93e74d7b2017e1af47a8609b8df878bda66521038810d5356fbeb0d4f95151a703a336683d
SSDEEP

98304:/yAsqg/M1Si/3wZyj3WVXUCjqZA8f/0AV2B8OqrPQDUhJ2va:/yv/cbPazV7jq2akSoOJ2va

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/Setup.exe	themida

Files

Pass_1234_Setup(4).rar
.rar

Password: 1234
Setup.exe
.exe windows x86

Password: 1234

Code Sign

12:b9:40:c0:40:22:90:ba:47:95:63:88:96:e9:c4:37
Certificate

Issuer

CN=HDD Toshiba SATA-III 10Tb HDWG460EZSTA N300 (7200rpm) 2048Mb 2.5 Rtl

Not Before

15/10/2022, 10:21

Not After

16/10/2032, 10:21

Subject

CN=HDD Toshiba SATA-III 10Tb HDWG460EZSTA N300 (7200rpm) 2048Mb 2.5 Rtl

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:a6:6b:bd:f1:e1:5a:69:5e:d3:3a:94:98:4b:9d:b6:46:16:52:26:7a:cf:4d:3a:e7:37:cd:9b:58:89:a3:0f
Signer

Actual PE Digest

14:a6:6b:bd:f1:e1:5a:69:5e:d3:3a:94:98:4b:9d:b6:46:16:52:26:7a:cf:4d:3a:e7:37:cd:9b:58:89:a3:0f

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=HDD Toshiba SATA-III 10Tb HDWG460EZSTA N300 (7200rpm) 2048Mb 2.5 Rtl

14/10/2022, 21:51
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1024B - Virtual size: 989B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 678B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 89KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 253KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
langs/Croatian.ini
langs/Danish.ini
langs/English.ini
langs/Finnish.ini
langs/Hebrew.ini
langs/Hungarian.ini
.ps1
langs/Indonesian.ini
langs/Japanese.ini
langs/Kazakh.ini
langs/Korean.ini
.ps1
langs/Kurdish.ini
langs/Norwegian.ini
langs/SimpChinese.ini
langs/Sinhala.ini
langs/Slovak.ini
langs/Swedish.ini
langs/Thai.ini
langs/TradChinese.ini
langs/Ukrainian.ini
langs/UyghurLatin.ini
langs/Uzbek.ini
langs/Vietnamese.ini

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

Code Sign

12:b9:40:c0:40:22:90:ba:47:95:63:88:96:e9:c4:37Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

14:a6:6b:bd:f1:e1:5a:69:5e:d3:3a:94:98:4b:9d:b6:46:16:52:26:7a:cf:4d:3a:e7:37:cd:9b:58:89:a3:0fSigner

Signature Validations

Verification

14/10/2022, 21:51 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 1024B - Virtual size: 989B

Size: 512B - Virtual size: 678B

Size: 89KB - Virtual size: 166KB

Size: 253KB - Virtual size: 435KB

Size: 512B - Virtual size: 72B

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 35KB - Virtual size: 35KB

.themida Size: - Virtual size: 5.9MB

.boot Size: 3.7MB - Virtual size: 3.7MB

12:b9:40:c0:40:22:90:ba:47:95:63:88:96:e9:c4:37
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

14:a6:6b:bd:f1:e1:5a:69:5e:d3:3a:94:98:4b:9d:b6:46:16:52:26:7a:cf:4d:3a:e7:37:cd:9b:58:89:a3:0f
Signer

14/10/2022, 21:51
Valid: false

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 35KB - Virtual size: 35KB

.themida
Size: - Virtual size: 5.9MB

.boot
Size: 3.7MB - Virtual size: 3.7MB