Android[.]Physical[.]NET[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Android.Physical.NET.exe
Size

4.8MB
MD5

dae3dd705e0a212341bc87e802e33d78
SHA1

7a1f623c240e9e234f60fb398f5dc76ac7ff1abd
SHA256

801ff04c7991bc26427b68f575aa7c6e6b77930b9cadeb3617fe6c6cedb1e67d
SHA512

ac8849adfbf59551f9d6bad64d231d4aa1c8d21a46bd225ac5aab96f4e4d27b3634529223bcbc103cb905685471ca12e5c07f2105160f4978bfe92340ee79b4b
SSDEEP

98304:AWwOKgOLG3MR6HlLIG73MhX8qXEdbyWKQil51NN0z:qOBPl8GK8q22WGNNs

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

resource	yara_rule
sample	themida

Files

Android.Physical.NET.exe
.exe windows x64

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:5e:33:f4:ce:39:fb:68:f2:cb:96:43
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14-01-2022 06:06

Not After

15-01-2023 06:06

Subject

SERIALNUMBER=110111-1673585,CN=HANCOM WITH Inc.,O=HANCOM WITH Inc.,STREET=49\, Daewangpangyo-ro 644beon-gil\, Bundang-gu,L=Seongnam-si,ST=Gyeonggi-do,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:44

Not After

08-05-2033 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:03:d3:8a:a0:90:cc:00:d6:87:b8:3c:fd:16:3c:d1:7c:37:c2:f9:a4:e4:51:bd:fd:96:b1:7a:1d:ac:d1:23
Signer

Actual PE Digest

13:03:d3:8a:a0:90:cc:00:d6:87:b8:3c:fd:16:3c:d1:7c:37:c2:f9:a4:e4:51:bd:fd:96:b1:7a:1d:ac:d1:23

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=110111-1673585,CN=HANCOM WITH Inc.,O=HANCOM WITH Inc.,STREET=49\, Daewangpangyo-ro 644beon-gil\, Bundang-gu,L=Seongnam-si,ST=Gyeonggi-do,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

09-05-2022 00:28
Valid: true

Chain 1

SERIALNUMBER=110111-1673585,CN=HANCOM WITH Inc.,O=HANCOM WITH Inc.,STREET=49\, Daewangpangyo-ro 644beon-gil\, Bundang-gu,L=Seongnam-si,ST=Gyeonggi-do,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 511KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

57:5e:33:f4:ce:39:fb:68:f2:cb:96:43Certificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

13:03:d3:8a:a0:90:cc:00:d6:87:b8:3c:fd:16:3c:d1:7c:37:c2:f9:a4:e4:51:bd:fd:96:b1:7a:1d:ac:d1:23Signer

Signature Validations

Verification

09-05-2022 00:28 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 511KB - Virtual size: 512KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 2KB

.idata Size: 512B - Virtual size: 8KB

.themida Size: - Virtual size: 7.2MB

.boot Size: 4.2MB - Virtual size: 4.2MB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

57:5e:33:f4:ce:39:fb:68:f2:cb:96:43
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

13:03:d3:8a:a0:90:cc:00:d6:87:b8:3c:fd:16:3c:d1:7c:37:c2:f9:a4:e4:51:bd:fd:96:b1:7a:1d:ac:d1:23
Signer

09-05-2022 00:28
Valid: true

.text
Size: 511KB - Virtual size: 512KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 2KB

.idata
Size: 512B - Virtual size: 8KB

.themida
Size: - Virtual size: 7.2MB

.boot
Size: 4.2MB - Virtual size: 4.2MB