5d8939223c8ec567b8cee06d775a3cdba1e2ac5ebc3984d9e9224c604f831e14[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

5d8939223c8ec567b8cee06d775a3cdba1e2ac5ebc3984d9e9224c604f831e14.zip
Size

4.9MB
MD5

8bfae00009a2b7c93c249e1873119674
SHA1

32b8ca4b605f0ed327b21a478bab96290d8e4efd
SHA256

8c03ed7e071ea4fc68cfdafdf2e59e6b8142e67cd0211ec33a04086e63806b91
SHA512

799894c717c7a9889900ac45ecd1b3a17a27576804b226e9e0e265f739d7527c9c3bbb6cbef3446d71ab4a102f8b383b623c6693d1cbb1f26832f56b9d4bf01d
SSDEEP

98304:92IjUzayockP2OAK4OidYawWAcXkQVs9y5PQbMgg6OyErUs3:1yaNP4hFAcdVs9GQfErp3

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/5d8939223c8ec567b8cee06d775a3cdba1e2ac5ebc3984d9e9224c604f831e14.exe	themida

Files

5d8939223c8ec567b8cee06d775a3cdba1e2ac5ebc3984d9e9224c604f831e14.zip
.zip

Password: infected
5d8939223c8ec567b8cee06d775a3cdba1e2ac5ebc3984d9e9224c604f831e14.exe
.exe windows x64

Password: infected

Code Sign

4b:ec:ba:79:34:44:83:86:4d:b3:66:95:18:1a:6f:2a
Certificate

Issuer

CN=Samsung NET Q32R404FHWI RC65R539FHIZCI

Not Before

27/02/2023, 19:26

Not After

28/02/2033, 19:26

Subject

CN=Samsung NET Q32R404FHWI RC65R539FHIZCI

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:5d:4f:29:ff:42:29:b4:94:2c:a0:92:5d:86:29:83:6f:46:fd:55:8e:60:be:4a:65:11:39:0f:8f:12:c0:b0
Signer

Actual PE Digest

41:5d:4f:29:ff:42:29:b4:94:2c:a0:92:5d:86:29:83:6f:46:fd:55:8e:60:be:4a:65:11:39:0f:8f:12:c0:b0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Samsung NET Q32R404FHWI RC65R539FHIZCI

27/02/2023, 09:31
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 791KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 807KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 77KB - Virtual size: 663KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 827KB - Virtual size: 827KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 521KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 130KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 9KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 57KB - Virtual size: 327KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 633KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Code Sign

4b:ec:ba:79:34:44:83:86:4d:b3:66:95:18:1a:6f:2aCertificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

41:5d:4f:29:ff:42:29:b4:94:2c:a0:92:5d:86:29:83:6f:46:fd:55:8e:60:be:4a:65:11:39:0f:8f:12:c0:b0Signer

Signature Validations

Verification

27/02/2023, 09:31 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 791KB - Virtual size: 2.3MB

Size: 807KB - Virtual size: 2.2MB

Size: 77KB - Virtual size: 663KB

Size: 512B - Virtual size: 295B

Size: 400KB - Virtual size: 400KB

Size: 80KB - Virtual size: 80KB

Size: 512B - Virtual size: 48B

Size: 827KB - Virtual size: 827KB

Size: 521KB - Virtual size: 523KB

Size: 130KB - Virtual size: 133KB

Size: 512B - Virtual size: 1KB

Size: 9KB - Virtual size: 43KB

Size: 57KB - Virtual size: 327KB

.rsrc Size: 633KB - Virtual size: 632KB

.idata Size: 512B - Virtual size: 4KB

.themida Size: 2.7MB - Virtual size: 2.7MB

4b:ec:ba:79:34:44:83:86:4d:b3:66:95:18:1a:6f:2a
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

41:5d:4f:29:ff:42:29:b4:94:2c:a0:92:5d:86:29:83:6f:46:fd:55:8e:60:be:4a:65:11:39:0f:8f:12:c0:b0
Signer

27/02/2023, 09:31
Valid: false

.rsrc
Size: 633KB - Virtual size: 632KB

.idata
Size: 512B - Virtual size: 4KB

.themida
Size: 2.7MB - Virtual size: 2.7MB