qs4p2zrKl5[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

qs4p2zrKl5.exe
Size

9.8MB
MD5

54b7f1ea7c6b37ce33b874010ffbd20d
SHA1

c8b188bd2aabe709a7e3170189ecd647db75c58c
SHA256

9b9aee0c90bba06573a30db19acea0932bdf4e0f45ee0de4f9d012fd0e798d17
SHA512

3a98e039a84027c416d87a614fe53bd8daa28cd597b8286ef7ad7ebfe5e56bdc0565072d0b5d93c5167bafbe150346e3dbb6b9888f4433915248de3f223d2d90
SSDEEP

196608:gsITLDNP+w7c1k/XRs4+F9AzFepmhoM2V0dymUripPH7Gk:gfTXNP+w7c+/hsVbAZioh2V4tpPbGk

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

qs4p2zrKl5.exe
.exe windows x64

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:79:50:43:47:29:89:c9:db:9c:38:3e:06:be:1b:e4
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06/04/2020, 00:00

Not After

10/04/2023, 12:00

Subject

CN=Manthe Industries\, LLC,O=Manthe Industries\, LLC,L=STEVENS POINT,ST=WISCONSIN,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

be:f0:1a:db:7d:91:73:c5:44:6b:ba:fc:b7:81:08:38:57:dc:12:1b
Signer

Actual PE Digest

be:f0:1a:db:7d:91:73:c5:44:6b:ba:fc:b7:81:08:38:57:dc:12:1b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Manthe Industries\, LLC,O=Manthe Industries\, LLC,L=STEVENS POINT,ST=WISCONSIN,C=US

13/04/2023, 18:10
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 1.4MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 337KB - Virtual size: 980KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 136KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 117KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 37KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 10.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0d:79:50:43:47:29:89:c9:db:9c:38:3e:06:be:1b:e4Certificate

Extended Key Usages

Key Usages

be:f0:1a:db:7d:91:73:c5:44:6b:ba:fc:b7:81:08:38:57:dc:12:1bSigner

Signature Validations

Verification

13/04/2023, 18:10 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 1.4MB - Virtual size: 3.5MB

Size: 337KB - Virtual size: 980KB

Size: 136KB - Virtual size: 489KB

Size: 117KB - Virtual size: 218KB

Size: 512B - Virtual size: 252B

Size: 37KB - Virtual size: 46KB

Size: 8KB - Virtual size: 36KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 5KB - Virtual size: 5KB

.themida Size: - Virtual size: 10.7MB

.boot Size: 7.7MB - Virtual size: 7.7MB

.reloc Size: 16B - Virtual size: 4KB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:79:50:43:47:29:89:c9:db:9c:38:3e:06:be:1b:e4
Certificate

be:f0:1a:db:7d:91:73:c5:44:6b:ba:fc:b7:81:08:38:57:dc:12:1b
Signer

13/04/2023, 18:10
Valid: false

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 5KB

.themida
Size: - Virtual size: 10.7MB

.boot
Size: 7.7MB - Virtual size: 7.7MB

.reloc
Size: 16B - Virtual size: 4KB