Amd[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Amd.zip
Size

6.4MB
MD5

bee2709e1c101e80f8ae4298ecebafe1
SHA1

5aac68d3fdc03abb6a9f3a79d9a706b6d0de4eec
SHA256

0e6f2d58c9c816acc484d8f68e7b9c5e5a650ea92116bd07298e39ee00e5b57e
SHA512

e46a845345f2de5097b96da0954933322e24641e4a851aeae75a60d5c657015259105958570e91832926b2a84a3c05e9a0ba558608838c28e45989dc53cae02d
SSDEEP

98304:jGHUoDWJsY+Y34PSwZD80YDF5njGrN1YDs3yso15Cva0jLWzstCnv:jsD4Bt3wSwj+vyfYDs3e8djLWLv

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
static1/unpack001/amd software.exe	themida

Files

Amd.zip
.zip
amd software.exe
.exe windows x64

Code Sign

0c:15:be:4a:15:bb:09:03:c9:01:b1:d6:c2:65:30:2f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-11-2018 00:00

Not After

17-11-2021 12:00

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=ca,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:8a:ad:5e:25:0b:0e:88:b5:8f:a9:7e:4b:3e:40:3c:a3:a6:2f:fa:a1:e1:0c:a3:c1:84:48:56:32:4b:ba:ba
Signer

Actual PE Digest

0b:8a:ad:5e:25:0b:0e:88:b5:8f:a9:7e:4b:3e:40:3c:a3:a6:2f:fa:a1:e1:0c:a3:c1:84:48:56:32:4b:ba:ba

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Google LLC,O=Google LLC,L=Mountain View,ST=ca,C=US

03-02-2020 16:51
Valid: true

Chain 1

CN=Google LLC,O=Google LLC,L=Mountain View,ST=ca,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 396KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
icucnv67.dll
.msi
icudt67.dll
.msi

Sharing

General

Malware Config

Signatures

Files

Code Sign

0c:15:be:4a:15:bb:09:03:c9:01:b1:d6:c2:65:30:2fCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0b:8a:ad:5e:25:0b:0e:88:b5:8f:a9:7e:4b:3e:40:3c:a3:a6:2f:fa:a1:e1:0c:a3:c1:84:48:56:32:4b:ba:baSigner

Signature Validations

Verification

03-02-2020 16:51 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 396KB - Virtual size: 400KB

.rsrc Size: 27KB - Virtual size: 26KB

.idata Size: 512B - Virtual size: 8KB

.themida Size: 8.2MB - Virtual size: 8.2MB

0c:15:be:4a:15:bb:09:03:c9:01:b1:d6:c2:65:30:2f
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0b:8a:ad:5e:25:0b:0e:88:b5:8f:a9:7e:4b:3e:40:3c:a3:a6:2f:fa:a1:e1:0c:a3:c1:84:48:56:32:4b:ba:ba
Signer

03-02-2020 16:51
Valid: true

.text
Size: 396KB - Virtual size: 400KB

.rsrc
Size: 27KB - Virtual size: 26KB

.idata
Size: 512B - Virtual size: 8KB

.themida
Size: 8.2MB - Virtual size: 8.2MB