5d8939223c8ec567b8cee06d775a3cdba1e2ac5ebc3984d9e9224c604f831e14[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

5d8939223c8ec567b8cee06d775a3cdba1e2ac5ebc3984d9e9224c604f831e14.zip
Size

4.9MB
MD5

41e381c5f1ec6998f306591391680112
SHA1

72dbbd4532ae94d417ce44d3af24885883d23dd1
SHA256

282f88538155ade16a6715714d887543c5d7489fc2608024cdd32124714ddc72
SHA512

684575b06f58d85de2a8d98a6e8da5936f1ab75bc127c6946860975d79a09a4bee0537c5e7c147154a2f66a156164d80cf37b7466737ff3813c2c1d069bc2a07
SSDEEP

98304:jWHbituybTtw69EMRgQuJ1bBbkWfMD15gwIggTu3l7sy/Nhi9mG:juR8tnO8gQ0fnwIgdrjOB

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/5d8939223c8ec567b8cee06d775a3cdba1e2ac5ebc3984d9e9224c604f831e14.exe	themida

Files

5d8939223c8ec567b8cee06d775a3cdba1e2ac5ebc3984d9e9224c604f831e14.zip
.zip

Password: infected
5d8939223c8ec567b8cee06d775a3cdba1e2ac5ebc3984d9e9224c604f831e14.exe
.exe windows x64

Password: infected

Code Sign

4b:ec:ba:79:34:44:83:86:4d:b3:66:95:18:1a:6f:2a
Certificate

Issuer

CN=Samsung NET Q32R404FHWI RC65R539FHIZCI

Not Before

27/02/2023, 19:26

Not After

28/02/2033, 19:26

Subject

CN=Samsung NET Q32R404FHWI RC65R539FHIZCI

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:5d:4f:29:ff:42:29:b4:94:2c:a0:92:5d:86:29:83:6f:46:fd:55:8e:60:be:4a:65:11:39:0f:8f:12:c0:b0
Signer

Actual PE Digest

41:5d:4f:29:ff:42:29:b4:94:2c:a0:92:5d:86:29:83:6f:46:fd:55:8e:60:be:4a:65:11:39:0f:8f:12:c0:b0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Samsung NET Q32R404FHWI RC65R539FHIZCI

27/02/2023, 09:32
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 791KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 807KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 77KB - Virtual size: 663KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 827KB - Virtual size: 827KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 521KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 130KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 57KB - Virtual size: 327KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 633KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Code Sign

4b:ec:ba:79:34:44:83:86:4d:b3:66:95:18:1a:6f:2aCertificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

41:5d:4f:29:ff:42:29:b4:94:2c:a0:92:5d:86:29:83:6f:46:fd:55:8e:60:be:4a:65:11:39:0f:8f:12:c0:b0Signer

Signature Validations

Verification

27/02/2023, 09:32 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 791KB - Virtual size: 2.3MB

Size: 807KB - Virtual size: 2.2MB

Size: 77KB - Virtual size: 663KB

Size: 512B - Virtual size: 295B

Size: 400KB - Virtual size: 400KB

Size: 80KB - Virtual size: 80KB

Size: 512B - Virtual size: 48B

Size: 827KB - Virtual size: 827KB

Size: 521KB - Virtual size: 523KB

Size: 130KB - Virtual size: 133KB

Size: 512B - Virtual size: 1KB

Size: 9KB - Virtual size: 43KB

Size: 57KB - Virtual size: 327KB

.rsrc Size: 633KB - Virtual size: 632KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: 2.7MB - Virtual size: 2.7MB

4b:ec:ba:79:34:44:83:86:4d:b3:66:95:18:1a:6f:2a
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

41:5d:4f:29:ff:42:29:b4:94:2c:a0:92:5d:86:29:83:6f:46:fd:55:8e:60:be:4a:65:11:39:0f:8f:12:c0:b0
Signer

27/02/2023, 09:32
Valid: false

.rsrc
Size: 633KB - Virtual size: 632KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: 2.7MB - Virtual size: 2.7MB