Setup[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Setup.exe
Size

379.9MB
MD5

1b74e0765a5f3c58c9a00b66196abf83
SHA1

25ca26a774fe4458b5f788a5f849bd25e1059ee9
SHA256

fd7058957e83055d1f5f1532e3032b88d5f41b28214247be41015f990e4b736c
SHA512

80828192c9138c4d90347f2b2f7aac17edc3b478f5ebc62a758e9cbe92dda549ff4211dcbe73595d83a1c663cf140b993bf8a7bb4738ff9075adbddc929cf323
SSDEEP

49152:KIfXAbTLNYJPKJof7HG1SGKQ6ttgACcMMc5EznT8UuhN9uuMGaDgcaUYFbtxm+VH:O/mC1K5ttRj2qAF9fY31Gtn

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

Setup.exe
.exe windows x86

Code Sign

57:45:48:ac:15:69:87:9b:4c:24:2a:9a:28:9e:f1:5c
Certificate

Issuer

CN=Toshiba MQ01ABMxx 2.5 WH03ABW030

Not Before

11-10-2022 11:46

Not After

12-10-2032 11:46

Subject

CN=Toshiba MQ01ABMxx 2.5 WH03ABW030

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:cd:93:26:89:75:df:be:fc:9b:58:6b:9c:46:45:bd:7e:52:d3:dd:90:ef:87:d9:a5:dd:80:16:eb:fd:ec:0d
Signer

Actual PE Digest

41:cd:93:26:89:75:df:be:fc:9b:58:6b:9c:46:45:bd:7e:52:d3:dd:90:ef:87:d9:a5:dd:80:16:eb:fd:ec:0d

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Toshiba MQ01ABMxx 2.5 WH03ABW030

02-11-2022 14:00
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 96KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 24KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 173KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

57:45:48:ac:15:69:87:9b:4c:24:2a:9a:28:9e:f1:5cCertificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

41:cd:93:26:89:75:df:be:fc:9b:58:6b:9c:46:45:bd:7e:52:d3:dd:90:ef:87:d9:a5:dd:80:16:eb:fd:ec:0dSigner

Signature Validations

Verification

02-11-2022 14:00 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 96KB - Virtual size: 202KB

Size: 24KB - Virtual size: 56KB

Size: 2KB - Virtual size: 84KB

Size: 1KB - Virtual size: 1KB

Size: 9KB - Virtual size: 15KB

Size: 173KB - Virtual size: 387KB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.themida Size: 4.9MB - Virtual size: 4.9MB

57:45:48:ac:15:69:87:9b:4c:24:2a:9a:28:9e:f1:5c
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

41:cd:93:26:89:75:df:be:fc:9b:58:6b:9c:46:45:bd:7e:52:d3:dd:90:ef:87:d9:a5:dd:80:16:eb:fd:ec:0d
Signer

02-11-2022 14:00
Valid: false

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.themida
Size: 4.9MB - Virtual size: 4.9MB