Install[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Install.exe
Size

4.2MB
MD5

d8f278167aabd0d6deaf0454ad8c25ed
SHA1

bebd64d7584a07cdc9f3334bbeaffe36f137ca67
SHA256

356d67eb809b195349d0e32b42a1a6aef4a0d48049dabd3f37d8bca246f191e5
SHA512

be6ba32c409cae1647cf2b6dbdc094445103ae5b861a43fb32e3f29f86e256c8f31c25d351f16f001a724fc17f441487cea4b7b6f38fd28b38d1965d605eb5d9
SSDEEP

49152:g6O26LhjgYwGesxEbQfe1mBFmS+fglb54/Mf5WiYbogXdDtyxdNZMhPopcNcIfZy:gbBtDePbeeuILgX40skn0Pyc2IfeEy

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

Install.exe
.exe windows x64

Code Sign

5f:cd:5e:93:49:26:1c:94:49:b8:8b:41:24:df:50:04
Certificate

Issuer

CN=Logitech ZC-9016 USA State of Washington

Not Before

15-12-2021 11:48

Not After

16-12-2031 11:48

Subject

CN=Logitech ZC-9016 USA State of Washington

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:6f:03:93:89:58:0f:2f:e7:ce:55:9e:38:c2:f5:50:0a:23:b9:20:b7:e2:f2:93:05:4c:59:7a:62:c2:4c:12
Signer

Actual PE Digest

6d:6f:03:93:89:58:0f:2f:e7:ce:55:9e:38:c2:f5:50:0a:23:b9:20:b7:e2:f2:93:05:4c:59:7a:62:c2:4c:12

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Logitech ZC-9016 USA State of Washington

15-12-2022 14:03
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 2.7MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

5f:cd:5e:93:49:26:1c:94:49:b8:8b:41:24:df:50:04Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

6d:6f:03:93:89:58:0f:2f:e7:ce:55:9e:38:c2:f5:50:0a:23:b9:20:b7:e2:f2:93:05:4c:59:7a:62:c2:4c:12Signer

Signature Validations

Verification

15-12-2022 14:03 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 2.7MB - Virtual size: 7.0MB

.rsrc Size: 115KB - Virtual size: 114KB

.idata Size: 512B - Virtual size: 8KB

.themida Size: - Virtual size: 3.7MB

.boot Size: 1.4MB - Virtual size: 1.4MB

5f:cd:5e:93:49:26:1c:94:49:b8:8b:41:24:df:50:04
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

6d:6f:03:93:89:58:0f:2f:e7:ce:55:9e:38:c2:f5:50:0a:23:b9:20:b7:e2:f2:93:05:4c:59:7a:62:c2:4c:12
Signer

15-12-2022 14:03
Valid: false

.rsrc
Size: 115KB - Virtual size: 114KB

.idata
Size: 512B - Virtual size: 8KB

.themida
Size: - Virtual size: 3.7MB

.boot
Size: 1.4MB - Virtual size: 1.4MB