623bca798c05a1e5dc5a26ff57329459[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

623bca798c05a1e5dc5a26ff57329459.bin
Size

2.3MB
MD5

6f45c2f05be83fc45abe1a6217aaef22
SHA1

75ea8cb74e30b44086b7f81ca4d606d629b8974c
SHA256

43ca13b1d4234eea47695bce03ff36180038896a84d6bd3004a2a17730c710fc
SHA512

bdfb6553957e3b6ff024b9194e6b20945194cfe6c32174e9931bec2fc766de21a2562c76f1e2e516f2016d9ed27edec9eb9d0c6aa6a0ce99d1b5168fb3a27082
SSDEEP

49152:Kt6nplMbi+lY6yVSD2GxfnR/FDG2e5Ej1ACRnSD+DvS9ZLz7XzRr1VpT3:g6nHMbXY6MU2Gxfn7G2e5EjpS629ZLf7

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/8b11bff6246c53c7a2488b7375ce50a193a3e7a01e1f9bd4856bc55d90fb9e7c.exe	themida

Files

623bca798c05a1e5dc5a26ff57329459.bin
.zip

Password: infected
8b11bff6246c53c7a2488b7375ce50a193a3e7a01e1f9bd4856bc55d90fb9e7c.exe
.exe windows x86

Password: infected

Code Sign

19:c7:e0:9e:14:25:d8:b8:48:5d:a7:43:8f:fd:57:0c
Certificate

Issuer

CN=Hewlett-Packard Company

Not Before

16-07-2023 17:53

Not After

17-07-2033 17:53

Subject

CN=Hewlett-Packard Company

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cb:76:a6:5e:93:85:65:f2:53:46:89:a5:bc:dd:7d:99:72:91:ee:96:5b:e3:1e:5c:08:01:74:5e:00:a3:ac:84
Signer

Actual PE Digest

cb:76:a6:5e:93:85:65:f2:53:46:89:a5:bc:dd:7d:99:72:91:ee:96:5b:e3:1e:5c:08:01:74:5e:00:a3:ac:84

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 338KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 68KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Code Sign

19:c7:e0:9e:14:25:d8:b8:48:5d:a7:43:8f:fd:57:0cCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

cb:76:a6:5e:93:85:65:f2:53:46:89:a5:bc:dd:7d:99:72:91:ee:96:5b:e3:1e:5c:08:01:74:5e:00:a3:ac:84Signer

Headers

DLL Characteristics

File Characteristics

Sections

Size: 338KB - Virtual size: 408KB

Size: 68KB - Virtual size: 121KB

Size: 512B - Virtual size: 12B

.idata Size: 512B - Virtual size: 8KB

.rsrc Size: 122KB - Virtual size: 122KB

.themida Size: - Virtual size: 3.3MB

.boot Size: 1.8MB - Virtual size: 1.8MB

19:c7:e0:9e:14:25:d8:b8:48:5d:a7:43:8f:fd:57:0c
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

cb:76:a6:5e:93:85:65:f2:53:46:89:a5:bc:dd:7d:99:72:91:ee:96:5b:e3:1e:5c:08:01:74:5e:00:a3:ac:84
Signer

.idata
Size: 512B - Virtual size: 8KB

.rsrc
Size: 122KB - Virtual size: 122KB

.themida
Size: - Virtual size: 3.3MB

.boot
Size: 1.8MB - Virtual size: 1.8MB