PassKeys_2023_ActiveSetupQ84[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PassKeys_2023_ActiveSetupQ84.rar
Size

16.5MB
MD5

184c1128d5a3c1b60b4c09fb743ef4a6
SHA1

4f7e9ac4e53a0324e31561ea4d7222ed3cd5bdaa
SHA256

676e79abc60a3895794afc4e63da069caf7677276932d15dc827916c16264a6d
SHA512

c51eccf6666700465d33751f69d56d324b46af73b0298e8b7669ed9efe180cfbdc4f955010d050c2c09e398a664f4f6c90c98243a0561babc1fff1fafb2ed362
SSDEEP

393216:4pMvWXXsRTCmqLOe5iMHJcFwq5JTHtdLGpiUZ8WFw:4pQKXsJLmOeQMpOdiUVN

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
static1/unpack002/satup.exe	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/satup.exe

Files

PassKeys_2023_ActiveSetupQ84.rar
.rar

Password: 2023
AppFilesThere-.rar
.rar
satup.exe
.exe windows x86

Password: 2023

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 25KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 903KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vm_sec
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
F0nts/9514csyw.fon
F0nts/A4sqy2ane.fon
F0nts/Cerdanaqs.ttf
F0nts/Emalejy.fon
F0nts/Qerdapbq.ttf
F0nts/S0sazpln.fon
F0nts/Terdanrms.ttf
F0nts/symub0l.ttf
Keygens.txt