phpini[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

phpini.exe
Size

4.7MB
MD5

f2da40fe18e3f03352142579ebe11d38
SHA1

54629e222de3777d9e96bcc2fb220fd22f2bf6f0
SHA256

7eb52ff9eb4f8e25d2d5fb2ad72c65141b260a6961f2a6b77c51e354cee4c58f
SHA512

d6e353bcc30a44a1fca2dccd75b09756d44ff19fcc41a700e3b42de20fea302ef0b5a9cc85841ca5896591cd67bc51cb8e83f4edce683647258894dc965fbdad
SSDEEP

49152:fJW/K8rUGrf8PwTJdhdCc3mUL5++gcegfIWrf/o1ew/7WG1pxd0XGhY1S2F0U4PP:YK4U2fLJdrCc3mB+gnVkWjqp4rAPG

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

phpini.exe
.exe windows x64

Code Sign

26:b1:f8:72:3c:28:7f:9a:4a:9e:a4:f1:b0:2f:7f:d3
Certificate

Issuer

CN=Samsung usa Q32R504FHI RC65R539FHIZCI

Not Before

25-02-2023 11:19

Not After

26-02-2033 11:19

Subject

CN=Samsung usa Q32R504FHI RC65R539FHIZCI

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:56:a6:d1:d0:e9:e0:ac:83:dd:dd:15:c2:8b:50:04:4d:f7:8d:a0:5b:60:7b:6d:20:a9:86:0b:47:af:8d:ac
Signer

Actual PE Digest

bf:56:a6:d1:d0:e9:e0:ac:83:dd:dd:15:c2:8b:50:04:4d:f7:8d:a0:5b:60:7b:6d:20:a9:86:0b:47:af:8d:ac

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Samsung usa Q32R504FHI RC65R539FHIZCI

27-02-2023 09:32
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 646KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 592KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 74KB - Virtual size: 626KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Code Sign

26:b1:f8:72:3c:28:7f:9a:4a:9e:a4:f1:b0:2f:7f:d3Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

bf:56:a6:d1:d0:e9:e0:ac:83:dd:dd:15:c2:8b:50:04:4d:f7:8d:a0:5b:60:7b:6d:20:a9:86:0b:47:af:8d:acSigner

Signature Validations

Verification

27-02-2023 09:32 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 646KB - Virtual size: 2.0MB

Size: 592KB - Virtual size: 1.8MB

Size: 74KB - Virtual size: 626KB

Size: 512B - Virtual size: 1KB

Size: 8KB - Virtual size: 34KB

Size: 512B - Virtual size: 4B

.rsrc Size: 282KB - Virtual size: 281KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: 3.1MB - Virtual size: 3.1MB

26:b1:f8:72:3c:28:7f:9a:4a:9e:a4:f1:b0:2f:7f:d3
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

bf:56:a6:d1:d0:e9:e0:ac:83:dd:dd:15:c2:8b:50:04:4d:f7:8d:a0:5b:60:7b:6d:20:a9:86:0b:47:af:8d:ac
Signer

27-02-2023 09:32
Valid: false

.rsrc
Size: 282KB - Virtual size: 281KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: 3.1MB - Virtual size: 3.1MB