6ccc154c5fcb2f7637a5a0edf8d5f9b7[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

6ccc154c5fcb2f7637a5a0edf8d5f9b7.bin
Size

5.9MB
MD5

11e0f01d65ebcb7b0696e9c78f8e0cdf
SHA1

bf088d20d3efa675650af5bb73f671222288ede9
SHA256

57550b52f0188c49416ac6a710c26a4fd66fad5cbcac45057701eb1a6142e11a
SHA512

e005339c8707f19ec1ab93895dce2e9b236654e71e686db98429e6e2f898dd9c0391e1d062958361c0664b4c361d0dc1d15400355a1d9a0fd383b34b31bcfe51
SSDEEP

98304:3WO72pkApZZUvr1aEmoiEJXR2zQ2jU9EncNB81NLS4jnEZ5ZZxfiJmV8GVY:3WO7tAPZmrQpzUsQ2gCnT1NG/ZXbiJm8

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/c8e81c4d181e65bcf28ab26d67b9afcd85ba74fb0dbae302ad4c0d3acdd7b0c8.exe	themida

Files

6ccc154c5fcb2f7637a5a0edf8d5f9b7.bin
.zip

Password: infected
c8e81c4d181e65bcf28ab26d67b9afcd85ba74fb0dbae302ad4c0d3acdd7b0c8.exe
.exe windows x64

Password: infected

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:56:1a:97:1e:67:60:3e:06:ee:ec:69
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

22/11/2019, 07:40

Not After

06/11/2020, 06:32

Subject

CN=AhnLab\, Inc.,O=AhnLab\, Inc.,L=Seongnam-si,ST=Gyeounggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:d4:43:fe:ee:0f:cb:4e:89:bb:cc:4c:ac:40:fd:20:4e:2a:07:e8
Signer

Actual PE Digest

51:d4:43:fe:ee:0f:cb:4e:89:bb:cc:4c:ac:40:fd:20:4e:2a:07:e8

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=AhnLab\, Inc.,O=AhnLab\, Inc.,L=Seongnam-si,ST=Gyeounggi-do,C=KR

04/03/2020, 01:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 47KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 753KB - Virtual size: 752KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.themida
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51Certificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

1d:56:1a:97:1e:67:60:3e:06:ee:ec:69Certificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

51:d4:43:fe:ee:0f:cb:4e:89:bb:cc:4c:ac:40:fd:20:4e:2a:07:e8Signer

Signature Validations

Verification

04/03/2020, 01:38 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

Size: 47KB - Virtual size: 122KB

Size: 4.6MB - Virtual size: 9.6MB

Size: 6KB - Virtual size: 19KB

Size: 2KB - Virtual size: 6KB

Size: 1024B - Virtual size: 4KB

.bss Size: - Virtual size: 15KB

Size: 512B - Virtual size: 2KB

Size: 512B - Virtual size: 96B

Size: 512B - Virtual size: 16B

.rsrc Size: 753KB - Virtual size: 752KB

Size: 1024B - Virtual size: 816B

.idata Size: 512B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.themida Size: 2.7MB - Virtual size: 2.7MB

.reloc Size: 16B - Virtual size: 4KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

1d:56:1a:97:1e:67:60:3e:06:ee:ec:69
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

51:d4:43:fe:ee:0f:cb:4e:89:bb:cc:4c:ac:40:fd:20:4e:2a:07:e8
Signer

04/03/2020, 01:38
Valid: false

.bss
Size: - Virtual size: 15KB

.rsrc
Size: 753KB - Virtual size: 752KB

.idata
Size: 512B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.themida
Size: 2.7MB - Virtual size: 2.7MB

.reloc
Size: 16B - Virtual size: 4KB