BLTools-v2[.]0[.]0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

BLTools-v2.0.0.exe
Size

6.5MB
MD5

f8a9e7c1b97cb8c30fae57c0fff005b8
SHA1

ee84bd5ab4609227de876f7e6101fa309ee26f86
SHA256

c6662bffe7f07cd10df515658bb6686406fd5a9114733368ec6c9619fcfe684f
SHA512

ab31639dcbc0cec20cf47d12d91131a07095cd74e2c7ab94a42fbce45c573c364898f2bed7c0af672e10b140ce01b0ba1ace32f2668fe273ec95ad41714524e8
SSDEEP

196608:BOfEjrykUm/IJZtsb0ASuRuOpy+1yrJUcZ/x1rMM:BOfisxK0ASu5RhcRrMM

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

BLTools-v2.0.0.exe
.exe windows x64

Code Sign

34:77:0e:4f:38:f7:a4:9c:4a:a1:87:26:6b:19:c1:91
Certificate

Issuer

CN=BLTools by boyring

Not Before

24/09/2022, 05:00

Not After

25/09/2055, 05:00

Subject

CN=BLTools by boyring

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:5d:52:3a:f4:83:e1:27:e7:a8:6c:6b:c4:46:86:50:8c:a6:81:69:c6:8e:53:f8:85:b4:54:37:b5:12:62:98
Signer

Actual PE Digest

eb:5d:52:3a:f4:83:e1:27:e7:a8:6c:6b:c4:46:86:50:8c:a6:81:69:c6:8e:53:f8:85:b4:54:37:b5:12:62:98

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=BLTools by boyring

25/09/2022, 18:00
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 19KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

34:77:0e:4f:38:f7:a4:9c:4a:a1:87:26:6b:19:c1:91Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

eb:5d:52:3a:f4:83:e1:27:e7:a8:6c:6b:c4:46:86:50:8c:a6:81:69:c6:8e:53:f8:85:b4:54:37:b5:12:62:98Signer

Signature Validations

Verification

25/09/2022, 18:00 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 3.8MB - Virtual size: 3.8MB

Size: 19KB - Virtual size: 67KB

.imports Size: 512B - Virtual size: 8KB

.rsrc Size: 68KB - Virtual size: 68KB

.themida Size: - Virtual size: 4.3MB

.boot Size: 2.7MB - Virtual size: 2.7MB

34:77:0e:4f:38:f7:a4:9c:4a:a1:87:26:6b:19:c1:91
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

eb:5d:52:3a:f4:83:e1:27:e7:a8:6c:6b:c4:46:86:50:8c:a6:81:69:c6:8e:53:f8:85:b4:54:37:b5:12:62:98
Signer

25/09/2022, 18:00
Valid: false

.imports
Size: 512B - Virtual size: 8KB

.rsrc
Size: 68KB - Virtual size: 68KB

.themida
Size: - Virtual size: 4.3MB

.boot
Size: 2.7MB - Virtual size: 2.7MB