Install[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Install.exe
Size

3.9MB
MD5

2827fdb5ffd1d33b8ca04a8e6c5f1c03
SHA1

c7d0885f62f777978c3a5bbaf236d2dfaa8fd4b3
SHA256

5057ef66a52c6050f1cc10faa418c58d9e3cb5039f81846c35cb2ef40f607f10
SHA512

8e22755e1594a3498c37c8d1e23aa97e1c63506506b93b4f09e2acdbf1e127154d0065181dad3b9cd44d0f03b0095df32ee2acf98ccf7a0fd8a841342ebb4526
SSDEEP

98304:zdCV6nw9E4wiJfk+y4E/zbjauqPGDuFJWqyEho+nC2US2:Nnw9pJtyPeuqPGD6DyEhzCzh

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

Install.exe
.exe windows x64

Code Sign

5f:cd:5e:93:49:26:1c:94:49:b8:8b:41:24:df:50:04
Certificate

Issuer

CN=Logitech ZC-9016 USA State of Washington

Not Before

15-12-2021 11:48

Not After

16-12-2031 11:48

Subject

CN=Logitech ZC-9016 USA State of Washington

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ce:b1:73:7d:47:f4:45:8d:51:ab:9b:6c:96:d0:2e:04:60:92:a1:f6:46:48:a8:41:91:27:b5:26:11:ac:94:5e
Signer

Actual PE Digest

ce:b1:73:7d:47:f4:45:8d:51:ab:9b:6c:96:d0:2e:04:60:92:a1:f6:46:48:a8:41:91:27:b5:26:11:ac:94:5e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Logitech ZC-9016 USA State of Washington

15-12-2022 13:59
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 2.6MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

5f:cd:5e:93:49:26:1c:94:49:b8:8b:41:24:df:50:04Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ce:b1:73:7d:47:f4:45:8d:51:ab:9b:6c:96:d0:2e:04:60:92:a1:f6:46:48:a8:41:91:27:b5:26:11:ac:94:5eSigner

Signature Validations

Verification

15-12-2022 13:59 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 2.6MB - Virtual size: 6.7MB

.rsrc Size: 35KB - Virtual size: 34KB

.idata Size: 512B - Virtual size: 8KB

.themida Size: - Virtual size: 3.7MB

.boot Size: 1.3MB - Virtual size: 1.3MB

5f:cd:5e:93:49:26:1c:94:49:b8:8b:41:24:df:50:04
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ce:b1:73:7d:47:f4:45:8d:51:ab:9b:6c:96:d0:2e:04:60:92:a1:f6:46:48:a8:41:91:27:b5:26:11:ac:94:5e
Signer

15-12-2022 13:59
Valid: false

.rsrc
Size: 35KB - Virtual size: 34KB

.idata
Size: 512B - Virtual size: 8KB

.themida
Size: - Virtual size: 3.7MB

.boot
Size: 1.3MB - Virtual size: 1.3MB