Install[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Install.exe
Size

4.0MB
MD5

72bd2dbeb056e803307652018a7846b8
SHA1

d3b1fd9f06555e2af3674178f06718dfc9b17019
SHA256

c10e7f6717cd8ac529043e6552d406c41a2c83f0f28e57c7e6084f91ce92ec25
SHA512

e39fecb7821fb1f7986f89f642cc6fd5a42393bfb1c1853767df932f5ff9da38c72d0904737e25836cdb8ef11fa518dc7d94b649d4c08e2b7e9b10d30245630f
SSDEEP

49152:W3C4Y214r2K1UYwaMf8KrPYvKNOdUqZkjyn3lieAPdy8U7H6RS8u3Wb7VB2jMo0:W3JobUM0PYCEuqCjkQG8500

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

Install.exe
.exe windows x64

Code Sign

29:43:9b:e8:07:84:37:b1:47:dc:cc:b2:b0:d3:b4:b0
Certificate

Issuer

CN=Colorful iGame S790-X ZNG Edition V35

Not Before

01-12-2022 17:37

Not After

02-12-2032 17:37

Subject

CN=Colorful iGame S790-X ZNG Edition V35

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:17:60:5a:7c:d8:b4:97:8a:9c:06:33:cb:cc:92:6f:79:86:3a:da:5c:f2:1d:ca:d3:d9:99:4b:7f:bb:31:b4
Signer

Actual PE Digest

59:17:60:5a:7c:d8:b4:97:8a:9c:06:33:cb:cc:92:6f:79:86:3a:da:5c:f2:1d:ca:d3:d9:99:4b:7f:bb:31:b4

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Colorful iGame S790-X ZNG Edition V35

13-01-2023 12:41
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 2.6MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

29:43:9b:e8:07:84:37:b1:47:dc:cc:b2:b0:d3:b4:b0Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

59:17:60:5a:7c:d8:b4:97:8a:9c:06:33:cb:cc:92:6f:79:86:3a:da:5c:f2:1d:ca:d3:d9:99:4b:7f:bb:31:b4Signer

Signature Validations

Verification

13-01-2023 12:41 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 2.6MB - Virtual size: 2.7MB

.rsrc Size: 173KB - Virtual size: 172KB

.idata Size: 512B - Virtual size: 8KB

.themida Size: - Virtual size: 3.3MB

.boot Size: 1.2MB - Virtual size: 1.2MB

29:43:9b:e8:07:84:37:b1:47:dc:cc:b2:b0:d3:b4:b0
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

59:17:60:5a:7c:d8:b4:97:8a:9c:06:33:cb:cc:92:6f:79:86:3a:da:5c:f2:1d:ca:d3:d9:99:4b:7f:bb:31:b4
Signer

13-01-2023 12:41
Valid: false

.rsrc
Size: 173KB - Virtual size: 172KB

.idata
Size: 512B - Virtual size: 8KB

.themida
Size: - Virtual size: 3.3MB

.boot
Size: 1.2MB - Virtual size: 1.2MB