NewstVersion_1234_InstallerPass[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

NewstVersion_1234_InstallerPass.rar
Size

4.1MB
MD5

cda1504b1d4004c8bf3b90b9035ebeb8
SHA1

46832d82bc25c7363f32b3473872936e97cfe990
SHA256

4d18cd22365f3f3d714fca4a674014fc7a68d6029da4c53a94fe950189f9c956
SHA512

3932b135f10e2cf84811fb462b4dc9e804883fb6aed2262848dcf543515a00e5b14728d8c700286402b5232083b394c1180e4c55ddd383ba1de03731eb00dd5c
SSDEEP

98304:8/W8ZSAQXOhvyrvtrfyz7bpVs6pOohZsKRPm5:8u8kA0OhqRrKz3Ee5RO5

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
static1/unpack001/Setup.exe	themida

Files

NewstVersion_1234_InstallerPass.rar
.rar

Password: 1234
Setup.exe
.exe windows x64

Password: 1234

Code Sign

30:53:fb:c3:22:9a:9e:ad:47:c1:25:8a:04:a0:09:c8
Certificate

Issuer

CN=Toshiba MQ01ABMxx 2.5 MQ01ABD060

Not Before

07-10-2022 20:43

Not After

08-10-2032 20:43

Subject

CN=Toshiba MQ01ABMxx 2.5 MQ01ABD060

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ae:f4:0f:2f:9e:68:b8:2d:d7:b9:e1:e1:39:e1:f5:c8:21:16:4c:82:b6:c1:f3:a1:ac:0e:9d:4c:79:fe:96:d1
Signer

Actual PE Digest

ae:f4:0f:2f:9e:68:b8:2d:d7:b9:e1:e1:39:e1:f5:c8:21:16:4c:82:b6:c1:f3:a1:ac:0e:9d:4c:79:fe:96:d1

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Toshiba MQ01ABMxx 2.5 MQ01ABD060

15-12-2022 13:55
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 250KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
WellWishPas.txt
langs/Croatian.ini
langs/Danish.ini
langs/English.ini
langs/Finnish.ini
langs/Hebrew.ini
langs/Hungarian.ini
.ps1
langs/Indonesian.ini
langs/Japanese.ini
langs/Kazakh.ini
langs/Korean.ini
.ps1
langs/Kurdish.ini
langs/Norwegian.ini
langs/SimpChinese.ini
langs/Sinhala.ini
langs/Slovak.ini
langs/Swedish.ini
langs/Thai.ini
langs/TradChinese.ini
langs/Ukrainian.ini
langs/UyghurLatin.ini
langs/Uzbek.ini
langs/Vietnamese.ini

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

Code Sign

30:53:fb:c3:22:9a:9e:ad:47:c1:25:8a:04:a0:09:c8Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ae:f4:0f:2f:9e:68:b8:2d:d7:b9:e1:e1:39:e1:f5:c8:21:16:4c:82:b6:c1:f3:a1:ac:0e:9d:4c:79:fe:96:d1Signer

Signature Validations

Verification

15-12-2022 13:55 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 250KB - Virtual size: 352KB

.rsrc Size: 35KB - Virtual size: 34KB

.idata Size: 512B - Virtual size: 8KB

.themida Size: - Virtual size: 6.2MB

.boot Size: 3.0MB - Virtual size: 3.0MB

30:53:fb:c3:22:9a:9e:ad:47:c1:25:8a:04:a0:09:c8
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ae:f4:0f:2f:9e:68:b8:2d:d7:b9:e1:e1:39:e1:f5:c8:21:16:4c:82:b6:c1:f3:a1:ac:0e:9d:4c:79:fe:96:d1
Signer

15-12-2022 13:55
Valid: false

.rsrc
Size: 35KB - Virtual size: 34KB

.idata
Size: 512B - Virtual size: 8KB

.themida
Size: - Virtual size: 6.2MB

.boot
Size: 3.0MB - Virtual size: 3.0MB