05f7a1978acfad1e34f9c179b9c686fe[.]exe[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

05f7a1978acfad1e34f9c179b9c686fe.exe.rar
Size

18.7MB
MD5

7db8fbe5a556716894a1b10a0f113c52
SHA1

37096d1c6f27e53b272aafd131685f5aac122107
SHA256

1eb2a9e20df8cae14f27f721414e8cf34819d56b317c8542ca9206412eca18d6
SHA512

68ac14b57adfa55b3d78e84d70e35559b02f4e732d216ae6175ed8a5e473b643e80a7a01896b9eabb7754942c2f0eb976b769797a7f7219a9764cff26843576a
SSDEEP

393216:HmtJ9NtR1rYhCFyXCu+vVZGrJ9val77S2rIbFrCxsCFps9XV/aGPVdS98lsdW6xs:HKjLYhCEXCu+9092W2rIZmNsxV5VdYmJ

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/05f7a1978acfad1e34f9c179b9c686fe.exe.vir	themida

Files

05f7a1978acfad1e34f9c179b9c686fe.exe.rar
.rar
05f7a1978acfad1e34f9c179b9c686fe.exe.vir
.exe windows x86

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:66:72:13:08:65:81:e3:ff:ef:3e:8f:c6:3a:f2:cc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

11-04-2023 00:00

Not After

12-04-2026 23:59

Subject

CN=Famatech Corp.,O=Famatech Corp.,L=Road Town,C=VG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:fa:bc:0a:f8:06:23:44:db:05:bd:15:d6:6d:9d:64:47:8c:29:9d:2b:6f:9a:75:78:31:0a:d8:cf:9b:c2:59
Signer

Actual PE Digest

71:fa:bc:0a:f8:06:23:44:db:05:bd:15:d6:6d:9d:64:47:8c:29:9d:2b:6f:9a:75:78:31:0a:d8:cf:9b:c2:59

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 766KB - Virtual size: 808KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 109KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:66:72:13:08:65:81:e3:ff:ef:3e:8f:c6:3a:f2:ccCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

71:fa:bc:0a:f8:06:23:44:db:05:bd:15:d6:6d:9d:64:47:8c:29:9d:2b:6f:9a:75:78:31:0a:d8:cf:9b:c2:59Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 766KB - Virtual size: 808KB

Size: 109KB - Virtual size: 214KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 214KB - Virtual size: 214KB

.themida Size: - Virtual size: 3.1MB

.boot Size: 1.7MB - Virtual size: 1.7MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:66:72:13:08:65:81:e3:ff:ef:3e:8f:c6:3a:f2:cc
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

71:fa:bc:0a:f8:06:23:44:db:05:bd:15:d6:6d:9d:64:47:8c:29:9d:2b:6f:9a:75:78:31:0a:d8:cf:9b:c2:59
Signer

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 214KB - Virtual size: 214KB

.themida
Size: - Virtual size: 3.1MB

.boot
Size: 1.7MB - Virtual size: 1.7MB