Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
General
-
Target
file.exe
-
Size
1.5MB
-
MD5
568b7bfb4704fd983f84f85239b7ffdb
-
SHA1
5b1ee5f39e914ce7359d31c87921b3471d02e1b5
-
SHA256
bf704081a2b7509fde6efff9ab9213226af10ea0059e8abacd6c633fd16687d2
-
SHA512
147ff1167adf1ae1bdbd1ff648ba0fc8a3b4b79727a3214bed76fdc130700d9a65ab6dbadcf56eb60886e6fc59a4af49c0e395e62bc4726fa002d26d89313e91
-
SSDEEP
24576:kBjeUe5UeJmfIHM4O4muFgvZciS5lJ3ZGosy80EMbF71tsKCv9AAv1h3oS0wslL:kBab5bcd4muFgvKiCgy80EMB7TglAAv2
Malware Config
Signatures
-
resource yara_rule sample themida
Files
-
file.exe.exe windows x64
Code Sign
6e:c7:d0:b8:d8:e8:20:8e:42:35:f4:ae:ed:ad:59:27Certificate
IssuerCN=Acer Nitro USA AN517-58 [AN517-75-77M3]Not Before24/01/2023, 11:23Not After25/01/2033, 11:23SubjectCN=Acer Nitro USA AN517-58 [AN517-75-77M3]90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before11/05/2022, 00:00Not After10/08/2033, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f3:78:a7:eb:c8:40:59:b7:22:27:c3:e3:c9:c6:b2:c7:7a:bf:4a:4b:08:e2:b7:ca:e9:6a:8d:80:4a:0a:f2:ccSigner
Actual PE Digestf3:78:a7:eb:c8:40:59:b7:22:27:c3:e3:c9:c6:b2:c7:7a:bf:4a:4b:08:e2:b7:ca:e9:6a:8d:80:4a:0a:f2:ccDigest Algorithmsha256PE Digest MatchestrueSignature Validations
TrustedfalseVerification
Signing CertificateCN=Acer Nitro USA AN517-58 [AN517-75-77M3]02/02/2023, 17:56 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 12KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 362KB - Virtual size: 361KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: - Virtual size: 3.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ