file[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

file.exe
Size

2.9MB
MD5

1e46438f13693aaa0f35a0c796d60c61
SHA1

a4cfbb31c87c7368554a5081157382bedded6551
SHA256

97df47266aba1d8e7c70c88c8bf0851a53579dfac7d2bb6545ca85e809bbf1c6
SHA512

b0348e5f8962261a64130208c86321afebaff4fe1b1cb2b164a8bc35dca73ecfaaf7d2348865bee88233f3feeff3deb2884f23e86c66ee88270f55c6252c4778
SSDEEP

49152:zgVPqtIzOYelWFO5zKLV/28K6gCCLP8FL5A3mACFkHtNX6GB4I7pvIOSA:z4PSInelcYwVVK677DkHLXlB4CIPA

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

file.exe
.exe windows x64

Code Sign

44:b2:87:48:08:c1:31:a2:4f:9a:a0:f8:d6:fa:78:f0
Certificate

Issuer

CN=Colorful iGame Z390-X RNG Edition V40

Not Before

27-11-2022 22:00

Not After

28-11-2032 22:00

Subject

CN=Colorful iGame Z390-X RNG Edition V40

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:73:e3:f7:f8:06:61:8a:cb:7d:bd:79:af:b4:5f:38:1d:47:ba:1c:68:b8:8d:dd:85:6f:f7:7a:7b:fa:2f:4f
Signer

Actual PE Digest

7b:73:e3:f7:f8:06:61:8a:cb:7d:bd:79:af:b4:5f:38:1d:47:ba:1c:68:b8:8d:dd:85:6f:f7:7a:7b:fa:2f:4f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Colorful iGame Z390-X RNG Edition V40

01-12-2022 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 300KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

44:b2:87:48:08:c1:31:a2:4f:9a:a0:f8:d6:fa:78:f0Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

7b:73:e3:f7:f8:06:61:8a:cb:7d:bd:79:af:b4:5f:38:1d:47:ba:1c:68:b8:8d:dd:85:6f:f7:7a:7b:fa:2f:4fSigner

Signature Validations

Verification

01-12-2022 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 300KB - Virtual size: 424KB

.rsrc Size: 23KB - Virtual size: 23KB

.idata Size: 512B - Virtual size: 8KB

.themida Size: - Virtual size: 5.7MB

.boot Size: 2.6MB - Virtual size: 2.6MB

44:b2:87:48:08:c1:31:a2:4f:9a:a0:f8:d6:fa:78:f0
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

7b:73:e3:f7:f8:06:61:8a:cb:7d:bd:79:af:b4:5f:38:1d:47:ba:1c:68:b8:8d:dd:85:6f:f7:7a:7b:fa:2f:4f
Signer

01-12-2022 14:34
Valid: false

.rsrc
Size: 23KB - Virtual size: 23KB

.idata
Size: 512B - Virtual size: 8KB

.themida
Size: - Virtual size: 5.7MB

.boot
Size: 2.6MB - Virtual size: 2.6MB