browser-renew[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

browser-renew.exe
Size

4.5MB
MD5

d68002702cbfc49e2c762d1cfcd742d3
SHA1

e89c8128a7a797d0112e294b116c2de5a7aba030
SHA256

cbcf193959725222c09482cd5ff685b63c0a6b564e6e07fa7f605bc3bcc2ba6e
SHA512

600d02a6ceb6c712e85ac76599145ab1b081dbc7959a5d50b3ec6276c21a665fe54ab9d5437d04ffcc2251f5656ad0447b48acaa60aba09e860d17d944a4b439
SSDEEP

98304:NbNH4gy13hOtY9UAMkDOxvnEu+dvF219MjMiMe2Iy:bHf09UAMkkvEuivU9MjOeo

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

browser-renew.exe
.exe windows x86

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:ef:d9:c4:89:6e:59:a2:20:75:c0:e9:f9:40:5b:7e
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/05/2021, 00:00

Not After

12/05/2023, 23:59

Subject

CN=William Streeter,O=William Streeter,L=Cheltenham,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1c:4f:0d:19:77:19:60:4d:02:2c:85:70:f8:a2:25:e3:4d:6e:17:95
Signer

Actual PE Digest

1c:4f:0d:19:77:19:60:4d:02:2c:85:70:f8:a2:25:e3:4d:6e:17:95

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=William Streeter,O=William Streeter,L=Cheltenham,ST=Pennsylvania,C=US

04/11/2022, 15:41
Valid: true

Chain 1

CN=William Streeter,O=William Streeter,L=Cheltenham,ST=Pennsylvania,C=US

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=William Streeter,O=William Streeter,L=Cheltenham,ST=Pennsylvania,C=US

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 916KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 111KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 636KB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 77KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

01Certificate

Key Usages

53:ef:d9:c4:89:6e:59:a2:20:75:c0:e9:f9:40:5b:7eCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

1c:4f:0d:19:77:19:60:4d:02:2c:85:70:f8:a2:25:e3:4d:6e:17:95Signer

Signature Validations

Verification

04/11/2022, 15:41 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Sections

Size: 916KB - Virtual size: 1.8MB

Size: 111KB - Virtual size: 417KB

Size: 8KB - Virtual size: 59KB

Size: 636KB - Virtual size: 5.1MB

Size: 77KB - Virtual size: 155KB

.imports Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 102KB - Virtual size: 102KB

.themida Size: - Virtual size: 4.5MB

.boot Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 16B - Virtual size: 4KB

01
Certificate

53:ef:d9:c4:89:6e:59:a2:20:75:c0:e9:f9:40:5b:7e
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

1c:4f:0d:19:77:19:60:4d:02:2c:85:70:f8:a2:25:e3:4d:6e:17:95
Signer

04/11/2022, 15:41
Valid: true

.imports
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 102KB - Virtual size: 102KB

.themida
Size: - Virtual size: 4.5MB

.boot
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 16B - Virtual size: 4KB