SonOyuncu Minecraft Launcher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SonOyuncu Minecraft Launcher.exe
Size

8.1MB
MD5

b31feb9d93ba242dbfbfeeaebc180518
SHA1

beaa4117b810de3922b0e6587a0c901513e5ce9f
SHA256

3f7d3a26b0ca851665f19784ba4f43f2a788e1185b94f38c9b3d6d8b552d11d8
SHA512

633e09699d57a5ee69ad557048dc5a31d13412363636666ba19d0b0dce3d79188edff2ea7bfc7c82201c045d3cbc3ea011ee147c8656dd7002748df56fe217b5
SSDEEP

98304:d+V6/2+1hfyQAgjsPTBo1wJ1OMSE+WQayRgntQP23xu16Rt6YeI7mT2MYOeLXS+2:d+g1PfyQKq2pOayRdESYmT273p2

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
sample	themida

Files

SonOyuncu Minecraft Launcher.exe
.exe windows x86

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:27:41:a9:81:7a:46:0e:73:e6:46:5c:8c:82:8e:be
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

10/11/2022, 00:00

Not After

10/11/2023, 23:59

Subject

CN=BITWISE YAZILIM INTERNET VE TICARET LIMITED SIRKETI,O=BITWISE YAZILIM INTERNET VE TICARET LIMITED SIRKETI,ST=Kocaeli,C=TR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2f:a9:d5:8c:3d:fc:6e:0e:bd:83:8d:9f:79:37:3e:0e:f3:45:d9:4c:e4:de:76:f1:e4:9f:06:0b:5c:be:16:c5
Signer

Actual PE Digest

2f:a9:d5:8c:3d:fc:6e:0e:bd:83:8d:9f:79:37:3e:0e:f3:45:d9:4c:e4:de:76:f1:e4:9f:06:0b:5c:be:16:c5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=BITWISE YAZILIM INTERNET VE TICARET LIMITED SIRKETI,O=BITWISE YAZILIM INTERNET VE TICARET LIMITED SIRKETI,ST=Kocaeli,C=TR

13/04/2023, 18:12
Valid: true

Chain 1

CN=BITWISE YAZILIM INTERNET VE TICARET LIMITED SIRKETI,O=BITWISE YAZILIM INTERNET VE TICARET LIMITED SIRKETI,ST=Kocaeli,C=TR

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 1.5MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1.6MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 211KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 154KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 23KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

03:27:41:a9:81:7a:46:0e:73:e6:46:5c:8c:82:8e:beCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

2f:a9:d5:8c:3d:fc:6e:0e:bd:83:8d:9f:79:37:3e:0e:f3:45:d9:4c:e4:de:76:f1:e4:9f:06:0b:5c:be:16:c5Signer

Signature Validations

Verification

13/04/2023, 18:12 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

Size: 1.5MB - Virtual size: 3.9MB

Size: 1.6MB - Virtual size: 4.1MB

Size: 211KB - Virtual size: 534KB

Size: 512B - Virtual size: 1020B

Size: 154KB - Virtual size: 318KB

Size: 512B - Virtual size: 4B

Size: 23KB - Virtual size: 110KB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 111KB - Virtual size: 111KB

.themida Size: - Virtual size: 7.4MB

.boot Size: 4.6MB - Virtual size: 4.6MB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

03:27:41:a9:81:7a:46:0e:73:e6:46:5c:8c:82:8e:be
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

2f:a9:d5:8c:3d:fc:6e:0e:bd:83:8d:9f:79:37:3e:0e:f3:45:d9:4c:e4:de:76:f1:e4:9f:06:0b:5c:be:16:c5
Signer

13/04/2023, 18:12
Valid: true

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 111KB - Virtual size: 111KB

.themida
Size: - Virtual size: 7.4MB

.boot
Size: 4.6MB - Virtual size: 4.6MB